Linux DHCP Client Has Remote Code Execution Flaw

How would you know if someone set up a rogue DHCP server within your network?  Even if it were an accidental deploy of a machine with DHCP service turned on with no intention to exploit this flaw, a rogue DHCP server can cause quite a bit of headache.

The dhclient software does not block commands that contain meta-characters, making it possible for rogue DHCP servers on a targeted network to remotely execute malicious code, the Internet Systems Consortium said on April 5. No known exploits exist in the wild, but it is possible that attackers will now start using the bug to break into networks.

In its advisory, ISC wrote, “dhclient doesn’t strip or escape certain shell meta characters in dhcpd responses.”

The vulnerability exists in versions prior to 3.1-ESV-R1, 4.1-ESV-R2, and 4.2.1-P1, according to the ISC advisory (CVE-2011-0997). Attackers can compromise a DHCP server to send out malicious hostname replies containing shellcode. The dhclient executes the shellcode when processing the hostname replies using its system-level privileges on the client system.

via Linux DHCP Client Has Remote Code Execution Flaw – Security – News & Reviews –

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s