|
|
Subscribe / Log in / New account

dhcpcd: Character expansion vulnerability

Package(s):dhcpcd CVE #(s):
Created:November 19, 2002 Updated:January 10, 2003
Description: dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon.

dhcpcd has the ability to execute an external script named /sbin/dhcpcd-<interface>.exe when assigning a new IP address to a network interface. This script sources a file named /var/lib/dhcpcd/dhcpcd-<interface>.info that contains several shell variables and assigments with DHCP information.

Simon Kelley pointed out a vulnerability in the way quotes inside these assignments are treated. By exploiting this, a malicious DHCP server (or attackers able to spoof DHCP responses) can execute arbitrary shell commands on the DHCP client (which is run by root).

Alerts:
Mandrake MDKSA-2003:003 dhcpcd 2003-01-09
Gentoo 200301-3 dhcpcd 2003-01-05
Debian DSA-219-1 dhcpcd 2002-12-31
Conectiva CLA-2002:549 dhcpcd 2002-11-18
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds