Caldera DHCP Package Format String Vulnerabililty

DHCP is the Dynamic Host Configuration Protocol, an open source, freely available, RFC specified networking protocol for host management. It is included with most versions of the UNIX Operating System.

A problem with the Caldera implementation could create the possibility of a format string attack. The problem affects both the DHCP daemon and client, and involves string formatting when passed through the error logging code. It is possible to pass custom crafted packets to both the DHCP daemon and DHCP client that will result in an error, and pass the formatted strings to a static buffer. This buffer will then be filled and overflowed, overwriting variables on the stack and potentially executing arbitrary code. This problem makes it possible for a user with malicious motives to execute arbitrary code, potentially gain access, and elevated privileges.


Privacy Statement
Copyright 2010, SecurityFocus