dhclient is THE MAIN attack vector for shellshock. Because its a service that
is run the most, by almost all users, whether running a server or not. Did
you even search online before posting? Wow you are an embarrassment, do you
think people are not going to search online themselves, and realize how
foolish you are?
The other reason its a problem, it was opening up random ports besides 67/68
on alot of systems and redhat was ignoring that bugzilla report for over a
year claiming they coudln't fix it.
I mean every single link when i searched shellshock dhclient was related.
Here are the first few. There wasn't a link that wasn't related.
http://null-byte.wonderhowto.com/how-to/hack-like-pro-hack-shellshock-vulnerability-0157651/
https://news.ycombinator.com/item?id=8369443
https://security.stackexchange.com/questions/68156/is-connecting-to-an-open-wifi-router-with-dhcp-in-linux-susceptible-to-shellshoc
(read the checkmarked reply here)
http://resources.infosecinstitute.com/bash-bug-cve-2014-6271-critical-vulnerability-scaring-internet/
"In the KNOWN SHELLSHOCK VECTORS such as HTTP CGI, DHCLIENT, etc. the only
requirement is that attacker-controlled data is copied from a protocol packet
into the execution environment prior to executing bash through an API that
would preserve the environment.
http://www.rapid7.com/db/modules/auxiliary/server/dhclient_bash_env