|
|
Log in / Subscribe / Register

Pardus alert 2011-71 (dhcp)



From:
    	      Meltem Parmaksız <meltem@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2011-71] DHCP: Arbitrary Command Execution 


Date:
    	      Tue, 3 May 2011 14:12:10 +0300


Message-ID:
    	      <201105031412.10989.meltem@pardus.org.tr>



------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-71            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-05-02
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability have been fixed in dhcp, which allows remote  attackers 
to execute arbitrary commands 


Description
===========

CVE-2011-0997: 

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before
3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows  remote  attackers  to 
execute arbitrary commands  via  shell  metacharacters  in  a  hostname 
obtained from a DHCP message. 



Affected packages:

  Pardus 2009:
    dhcp, all before 4.2.1_p1-26-9


Resolution
==========

There are update(s) for dhcp. You can update them via Package Manager or
with a single command from console: 

    pisi up dhcp

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17807

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds