Full Disclosure mailing list archives
Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
From: Valdis.Kletnieks () vt edu
Date: Wed, 06 Apr 2011 15:40:31 -0400
On Wed, 06 Apr 2011 14:01:58 EDT, Ryan Sears said:
https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Seems a tad buggy in the mitigation section: new_host_name=${new_host_name//[^a-zA-Z0-9]/} I suspect they wanted: new_host_name=${new_host_name//[^-.a-zA-Z0-9]/} Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname just became foobarbazexamplecom - whoops. Oh, and - just because that's valid in a hostname too...
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Ryan Sears (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Marcus Meissner (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Valdis . Kletnieks (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Valdis . Kletnieks (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Nick FitzGerald (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)