Hey guys,
It was recently discovered (NOT by myself) that the ISC dhclient was vulnerable
to certain shell metacharacters in the hostname parameter specified by *any*
DHCP server, causing it to potentially run arbitrary commands as root. I
haven't seen anything else on it here, so I figured
On Wed, Apr 06, 2011 at 02:01:58PM -0400, Ryan Sears wrote:
Hey guys,
It was recently discovered (NOT by myself) that the ISC dhclient was
vulnerable to certain shell metacharacters in the hostname parameter
specified by *any* DHCP server, causing it to potentially run arbitrary
commands
On Wed, 06 Apr 2011 14:01:58 EDT, Ryan Sears said:
https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Seems a tad buggy in the mitigation section:
new_host_name=${new_host_name//[^a-zA-Z0-9]/}
I suspect they wanted:
new_host_name=${new_host_name//[^-.a-zA-Z0-9]/}
Otherwise if a
On Wed, Apr 6, 2011 at 12:40 PM, valdis.kletni...@vt.edu wrote:
...
Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname
just became foobarbazexamplecom - whoops.
a DHCP server should not reply with a FQDN as hostname.
hostname 'foo' at domainname
On Wed, 06 Apr 2011 13:19:18 PDT, coderman said:
On Wed, Apr 6, 2011 at 12:40 PM, valdis.kletni...@vt.edu wrote:
...
Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname
just became foobarbazexamplecom - whoops.
a DHCP server should not reply with a FQDN as
On Wed, Apr 6, 2011 at 1:31 PM, valdis.kletni...@vt.edu wrote:
...
(Yes, I've seen more than one misconfigured getup that was serving up a FQDN for
hostname and for domainname. You'd think hotels, coffeeshops, and the like
would have enough sense to contract out to competent providers
coderman to Valdis.Kletnieks:
Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname
just became foobarbazexamplecom - whoops.
a DHCP server should not reply with a FQDN as hostname.
hostname 'foo' at domainname 'bar.baz.example.com' is legit though...
So