|
|
Log in / Subscribe / Register

Pardus alert 2011-78 (dhcpcd)



From:
    	      Meltem Parmaksız <meltem@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2011-78] dhcpcd: Execute Arbitrary Commands 


Date:
    	      Thu, 26 May 2011 14:59:58 +0300


Message-ID:
    	      <201105261459.59021.meltem@pardus.org.tr>



------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-78            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-05-26
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in dhcpcd,  which  allows  attackers  to 
execute arbitrary commands. 


Description
===========

CVE-2011-0996: 

dhcpcd before 5.2.12  allows  remote  attackers  to  execute  arbitrary 
commands via shell metacharacters in a hostname obtained  from  a  DHCP 
message. 





Affected packages:

  Pardus 2009:
    dhcpcd, all before 5.1.5-22-7
  Pardus 2011:
    dhcpcd, all before 5.2.12-31-p11


Resolution
==========

There are update(s) for dhcpcd. You can update them via Package Manager 
or with a single command from console: 

  Pardus 2009:
    pisi up dhcpcd

  Pardus 2011:
    pisi up dhcpcd


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17803

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds