Short Name |
DHCP:SERVER:FMT-STR |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
DHCP |
Keywords |
DHCP FORMAT STRING |
Release Date |
2004/01/26 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This protocol anomaly is a DHCP option (FQDN or CLIENT_FQDN) with a format string in it. Attackers can gain a shell with the DHCP server user permissions usually root).
The ISC DHCPD (Dynamic Host Configuration Protocol) is a collection of software implementing the DHCP protocol. It is available for a range of operating systems, including BSD and Solaris. A remote format string vulnerability has been reported in multiple versions of the DHCPD server. User supplied data is logged in an unsafe fashion. Exploitation of this vulnerability may result in arbitrary code being executed by the DHCP server, which generally runs as the root user. This vulnerability is dependant on the NSUPDATE configuration option being enabled. NSUPDATE is enabled by default in versions 3.0 and later of the DHCPD server.