FS#23609 : [dhclient] dhclient does not strip or escape shell meta-characters

FS#23609 - [dhclient] dhclient does not strip or escape shell meta-characters

Attached to Project: Arch Linux
Opened by Isenmann Daniel (ise) - Wednesday, 06 April 2011, 11:50 GMT
Last edited by Isenmann Daniel (ise) - Thursday, 14 April 2011, 10:24 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Isenmann Daniel (ise)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server (like hostname) before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client.

https://www.isc.org/software/dhcp/advisories/cve-2011-0997

This task depends upon

Closed by Isenmann Daniel (ise)
Thursday, 14 April 2011, 10:24 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in pacakge 4.2.1.1-1

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#23609 - [dhclient] dhclient does not strip or escape shell meta-characters

Details

Loading...