[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
From: coderman <coderman@xxxxxxxxx>
Date: Wed, 6 Apr 2011 14:07:02 -0700

On Wed, Apr 6, 2011 at 1:31 PM,  <Valdis.Kletnieks@xxxxxx> wrote:
> ...
> (Yes, I've seen more than       misconfigured getup that was serving up a 
> FQDN for
> hostname and "" for domainname. You'd think hotels, coffeeshops, and the like
> would have enough sense to contract out to competent providers rather than try
> to do it themselves. ;)

~_~;

wonder how many servers this same trick works on in opposite direction.
  [they'd have to fix after leasing to '\vrm -rf /' ... get to work Valdis! ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Ryan Sears
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: coderman
- Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] password.incleartext.com
Next by Date: Re: [Full-disclosure] password.incleartext.com
Previous by thread: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Next by thread: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
Index(es):
- Date
- Thread