Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request - dhcp clients
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 15:35:02 -0400 (EDT)

----- Original Message -----

Earlier this year, CVE-2011-0997 was assigned to ICS's dhclient and
CVE-2011-0996 dhcpcd for an insufficient DHCP option checking.

Similar issue affects busybox's udhcpc.

dhcpv6's dhcp6c was previously mentioned and it seems also fixed in
SUSE, but did not get its own CVE.

The impact for DHCPv6 clients seems significantly lower, as there's no
support for hostname option, only domain search option. I'm not sure
if anyone identified any good target that handles search option
insecurely, I've only found shtool's sh.echo that may use it in sed
script, resulting in sed script injection with file overwrite or code
execution impact.

Given that dhclient and dhcpcd got separate CVEs, udhcpc and dhcp6c
should probably get separate ids too.

Use CVE-2011-2716 for udhcpc
CVE-2011-2717 for udhcp6c.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]