Knowledge Search


×
 

Vulnerabilities in ISC's DHCPD (CERT/CC #317350 and #654390)

  [JSA10335] Show Article Properties


Legacy Advisory Id:
PSN-2004-06-004
Product Affected:
All Juniper Networks routing platforms and integrated firewall/IPSec VPN appliances
Problem:
Several vulnerabilities have been found in the Internet Software Consortium's (ISC) distribution of the Distributed Host Configuration Protocol daemon (dhcpd). These vulnerabilities might permit an attacker to execute arbitrary code with the privileges of dhcpd (typically run as root); however, no working exploit is known to exist. These vulnerabilities are described in more detail in CERT/CC Vulnerability Notes #317350 and #654390.
Solution:
Certain Juniper Networks products (E-series routers and integrated firewall/IPsec VPN appliances) include an implementation of dhcpd. However, no Juniper Networks product includes dhcpd code from ISC. Therefore, Juniper Networks products are not susceptible to these vulnerabilities.
Implementation:
Juniper Networks products are not susceptible to the vulnerabilities described above. No action is required.
Related Links:
Risk Level:
None
Risk Assessment:
Juniper Networks products are not susceptible to this vulnerability.