[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)

To: Ryan Sears <rdsears@xxxxxxx>
Subject: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
From: Valdis.Kletnieks@xxxxxx
Date: Wed, 06 Apr 2011 15:40:31 -0400

On Wed, 06 Apr 2011 14:01:58 EDT, Ryan Sears said:

> https://www.isc.org/software/dhcp/advisories/cve-2011-0997

Seems a tad buggy in the mitigation section:

new_host_name=${new_host_name//[^a-zA-Z0-9]/}

I suspect they wanted:

new_host_name=${new_host_name//[^-.a-zA-Z0-9]/}

Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname
just became foobarbazexamplecom - whoops.  Oh, and - just because that's valid 
in a
hostname too...

Attachment: pgpjRHQ8004RI.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: coderman

References:
- [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Ryan Sears

Prev by Date: Re: [Full-disclosure] password.incleartext.com
Next by Date: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Previous by thread: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Next by thread: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Index(es):
- Date
- Thread