[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)

To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
From: Ryan Sears <rdsears@xxxxxxx>
Date: Wed, 6 Apr 2011 14:01:58 -0400 (EDT)

Hey guys,

It was recently discovered (NOT by myself) that the ISC dhclient was vulnerable 
to certain shell metacharacters in the hostname parameter specified by *any* 
DHCP server, causing it to potentially run arbitrary commands as root. I 
haven't seen anything else on it here, so I figured I'd make everyone aware. 

There's only one real phrase that comes to mind => WTF?

https://www.isc.org/software/dhcp/advisories/cve-2011-0997

http://www.h-online.com/security/news/item/DHCP-client-allows-shell-command-injection-1222805.html

Ryan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Marcus Meissner
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
Next by Date: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Previous by thread: [Full-disclosure] [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
Next by thread: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Index(es):
- Date
- Thread