ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerabilities

Multiple buffer overflow vulnerabilities have been reported for the ISC DHCPD service. The vulnerability occurs when the DHCP server is configured to dynamically update records. The vulnerability exists in the library used by NSUPDATE to resolve hostnames.

An attacker can exploit these vulnerabilities by sending a malformed DHCP message containing an overly large hostname value. This will trigger the buffer overflow condition and any embedded attacker-supplied code may be executed.


 

Privacy Statement
Copyright 2010, SecurityFocus