[Bug 753580] [NEW] dhclient does not strip or escape shell meta-characters
Dmitry
753580 at bugs.launchpad.net
Thu Apr 7 14:07:13 UTC 2011
Public bug reported:
dhclient doesn't strip or escape certain shell meta-characters in dhcpd
responses, allowing a rogue server or party with with escalated
privileges on the server to cause remote code execution on the client.
See also: http://www.isc.org/software/dhcp/advisories/cve-2011-0997
** Affects: dhcp3 (Ubuntu)
Importance: Undecided
Status: New
** Tags: security
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-0997
** Tags added: security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in Ubuntu.
https://bugs.launchpad.net/bugs/753580
Title:
dhclient does not strip or escape shell meta-characters
More information about the Ubuntu-server-bugs
mailing list