CVE-2002-0702

ISC DHCPd 3-3.0.1rc8 - Remote Code Execution via Format String in DNS Response


Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0702. PoCs published by Andi.

AI-analyzed exploit summary: This exploit leverages a format string vulnerability in ISC DHCPD 3.0 to achieve remote code execution by crafting a malicious DHCP request. It uses a custom DHCP client configuration to inject shellcode and overwrite return addresses on the stack.

Description

Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andi · c · remote · bsd
https://www.exploit-db.com/exploits/21440


Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: ISC DHCPD 3.0
No auth needed
Prerequisites: NSUPDATE configuration option enabled (default in 3.0+) · Ability to send DHCP requests to the target server
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4701
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/854315
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-12.html
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000483
Patch, Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-037.php
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2002_19_dhcp.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102089498828206&w=2
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0063.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9039.php
Various Sources vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-028.0.txt

Scores

EPSS 0.3114
EPSS Percentile 98.0%

Details

Status published
Products (2)
isc/dhcpd 3.0
isc/dhcpd 3.0.1 rc1 (8 CPE variants)
Published Jul 26, 2002
Tracked Since Feb 18, 2026