Public bug reported: dhclient doesn't strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or party with with escalated privileges on the server to cause remote code execution on the client.
See also: http://www.isc.org/software/dhcp/advisories/cve-2011-0997 ** Affects: dhcp3 (Ubuntu) Importance: Undecided Status: New ** Tags: security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0997 ** Tags added: security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/753580 Title: dhclient does not strip or escape shell meta-characters -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
