Full Disclosure mailing list archives
Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
From: Valdis.Kletnieks () vt edu
Date: Wed, 06 Apr 2011 16:31:16 -0400
On Wed, 06 Apr 2011 13:19:18 PDT, coderman said:
> On Wed, Apr 6, 2011 at 12:40 PM, <Valdis.Kletnieks () vt edu> wrote:
> > ... Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname just became foobarbazexamplecom - whoops.
>
> a DHCP server should not reply with a FQDN as hostname.
Yeah. They shouldn't. Doesn't mean it doesn't manage to happen though. Sometimes it's harder to defend yourself against the crap sent to you by legit services than it is defending against a rogue server... (Yes, I've seen more than one misconfigured getup that was serving up a FQDN for hostname and "" for domainname. You'd think hotels, coffee shops, and the like would have enough sense to contract out to competent providers rather than try to do it themselves. ;)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
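The trade-off the thread is circling, shown as an added example that is not part of any post above and is not ISC's dhclient or dhclient-script code: a sanitizer that simply strips every non-alphanumeric character from the server-supplied hostname does defeat shell metacharacter injection, but it also turns a legitimate (if misconfigured) FQDN like foo.bar.baz.example.com into foobarbazexamplecom. Validating the value against hostname syntax instead keeps a real FQDN intact and rejects anything that could not be a hostname at all, so the client never hands junk to a shell script. The function names, the "localhost" fallback, and the sample inputs are all constructed for this example.

```shell
#!/bin/sh
# Added example, not ISC code: contrast a naive strip-everything sanitizer
# with a validating check for a DHCP-supplied hostname.

# Naive approach: delete every character that is not a letter or digit.
# Safe against shell metacharacters, but it also destroys dots and hyphens,
# so a FQDN collapses into one flat label.
naive_sanitize() {
    printf '%s' "$1" | tr -cd '[:alnum:]'
}

# Validating approach: accept only names made of labels of letters, digits
# and hyphens (1-63 chars each, not beginning or ending with a hyphen),
# joined by single dots, at most 253 chars in total. Anything else (shell
# metacharacters, empty string, leading dot, doubled dots, ...) is rejected.
# The value is fed to grep on stdin, never placed on a command line.
valid_hostname() {
    name=$1
    [ -n "$name" ] || return 1
    [ ${#name} -le 253 ] || return 1
    printf '%s\n' "$name" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
}

# Hostname to apply: the server's value if it validates, otherwise a fixed
# default ("localhost" is an assumed fallback for this example).
safe_hostname() {
    if valid_hostname "$1"; then
        printf '%s' "$1"
    else
        printf '%s' "localhost"
    fi
}

# Constructed sample inputs, as a DHCP server might hand them to the client.
for h in 'foo.bar.baz.example.com' 'host-1' '-bad' 'a..b' 'x; touch /tmp/pwned' ''; do
    printf 'server sent %-24s naive=%-24s validated=%s\n' \
        "'$h'" "$(naive_sanitize "$h")" "$(safe_hostname "$h")"
done
```

Note the asymmetry: the naive sanitizer never rejects anything, so a server sending "x; touch /tmp/pwned" still gets a (mangled) hostname applied, whereas the validating check refuses it outright and the caller has to decide what to do. That decision is exactly the case Valdis describes above: a FQDN in the hostname option with an empty domainname is ugly, but it is syntactically valid and passes, so the client is not forced to choose between being exploitable and mangling names from merely misconfigured servers.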
Current thread:
- ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Ryan Sears (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Marcus Meissner (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Valdis . Kletnieks (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Valdis . Kletnieks (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) Nick FitzGerald (Apr 06)
- Re: ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997) coderman (Apr 06)