[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
From: coderman <coderman@xxxxxxxxx>
Date: Wed, 6 Apr 2011 13:19:18 -0700

On Wed, Apr 6, 2011 at 12:40 PM,  <Valdis.Kletnieks@xxxxxx> wrote:
> ...
> Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your 
> hostname
> just became foobarbazexamplecom - whoops.

a DHCP server should not reply with a FQDN as hostname.

hostname 'foo' at domainname 'bar.baz.example.com' is legit though...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Nick FitzGerald

References:
- [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Ryan Sears
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Next by Date: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Previous by thread: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Next by thread: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Index(es):
- Date
- Thread