• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ISC DHCPD Server Remote Stack Corruption Vulnerability

ISC DHCPD is prone to a remote stack-corruption vulnerability because the software fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers in the same LAN segment of the vulnerable DHCP server to corrupt the application's stack. This may allow attackers to run arbitrary machine code and to compromise affected computers.

ISC DHCP versions in the 2.x series are vulnerable to this issue. OpenBSD's 'dhcpd' is a fork of ISC DHCPD and is also vulnerable.