Full Disclosure mailing list archives
Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
From: coderman <coderman () gmail com>
Date: Wed, 6 Apr 2011 13:19:18 -0700
On Wed, Apr 6, 2011 at 12:40 PM, <Valdis.Kletnieks () vt edu> wrote:
... Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname just became foobarbazexamplecom - whoops.
a DHCP server should not reply with a FQDN as hostname. hostname 'foo' at domainname 'bar.baz.example.com' is legit though... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Ryan Sears (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Marcus Meissner (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Valdis . Kletnieks (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Valdis . Kletnieks (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Nick FitzGerald (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)