oss-sec mailing list archives
CVE request - dhcp clients
From: Tomas Hoger <thoger () redhat com>
Date: Mon, 25 Jul 2011 12:34:32 +0200
Hi! Earlier this year, CVE-2011-0997 was assigned to ICS's dhclient and CVE-2011-0996 dhcpcd for an insufficient DHCP option checking. Similar issue affects busybox's udhcpc. dhcpv6's dhcp6c was previously mentioned and it seems also fixed in SUSE, but did not get its own CVE. The impact for DHCPv6 clients seems significantly lower, as there's no support for hostname option, only domain search option. I'm not sure if anyone identified any good target that handles search option insecurely, I've only found shtool's sh.echo that may use it in sed script, resulting in sed script injection with file overwrite or code execution impact. Given that dhclient and dhcpcd got separate CVEs, udhcpc and dhcp6c should probably get separate ids too. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE request - dhcp clients Tomas Hoger (Jul 25)
- Re: CVE request - dhcp clients Josh Bressers (Jul 26)
- Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
- Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)
- Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
- Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)
- Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
- Re: CVE request - dhcp clients Josh Bressers (Jul 26)