• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
19991125 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (19991222)
Votes (Legacy)
ACCEPT(3) Baker, Ozancin, Stracener
MODIFY(1) Frech
NOOP(1) Christey
Comments (Legacy)
 Christey> Is CVE-1999-0389 a duplicate of CVE-1999-0798?  CVE-1999-0389
   has January 1999 dates associated with it, while CVE-1999-0798
   was reported in late December.
   SCO appears to have acknowledged this as well:
   The poster also claims that OpenBSD fixed this as well.
 Frech> XF:bootp-remote-bo
 Christey> Further analysis indicates that this is a duplicate of CVE-1999-0799
 CHANGE> [Christey changed vote from REJECT to NOOP]
 Christey> What was I thinking?  Brian Caswell pointed out that this is
   *not* the same bug as CVE-1999-0799.  As reported in the
   1998 Bugtraq post, the bug is in bootpd.c, and is related
   to providing an htype value that is used as an index
   into an array, and exceeds the intended boundaries of that

Proposed (Legacy)
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.