Bug#762923: dhclient-script uses bash, allowing remote bash exploits

2014-09-26 Thread Goswin von Brederlow
Package: isc-dhcp-client
Version: 4.2.4-7
Severity: normal
File: /sbin/dhclient-script
Tags: security

dhclient puts unchecked strings into environment variables for the dhclient-script and dhclient-script uses #!/bin/bash. This allows the recently found bash bugs to be exploited from remote.

Bug#762923: dhclient-script uses bash, allowing remote bash exploits

2014-09-26 Thread Yves-Alexis Perez
On Fri, Sep 26, 2014 at 12:47:39PM +0200, Goswin von Brederlow wrote:
> Package: isc-dhcp-client
> Version: 4.2.4-7
> Severity: normal
> File: /sbin/dhclient-script
> Tags: security
>
> dhclient puts unchecked strings into environment variables for the dhclient-script and dhclient-script uses

Bug#762923: dhclient-script uses bash, allowing remote bash exploits

2014-09-26 Thread Goswin von Brederlow
On Fri, Sep 26, 2014 at 03:53:39PM +0200, Yves-Alexis Perez wrote:
> On Fri, Sep 26, 2014 at 12:47:39PM +0200, Goswin von Brederlow wrote:
> > Package: isc-dhcp-client
> > Version: 4.2.4-7
> > Severity: normal
> > File: /sbin/dhclient-script
> > Tags: security
> >
> > dhclient puts unchecked strings into

Bug#762923: dhclient-script uses bash, allowing remote bash exploits

2014-09-26 Thread Yves-Alexis Perez
On ven., 2014-09-26 at 18:06 +0200, Goswin von Brederlow wrote:
> Feel free to patch dhclient to sanitize the strings before passing them to the dhclient-script.

In case you missed it, I'm not the dhcp maintainer, it's just my pov as security team member (remember you tagged the bug “security”).