Bugtraq mailing list archives
Re: ISC DHCP client v2 hole fixed...or not?
From: beck () OPENBSD ORG (beck () OPENBSD ORG)
Date: Fri, 14 Jul 2000 16:30:09 -0600
Executive summary: the official fix for the recent ISC DHCP client vulnerability is not as thorough as it should be. ... ... Unfortunately, when you look at client/dhclient.c, you can see that not every value is processed with pretty_print_option() or something similar. Here is an example from script_write_params()
OpenBSD released a different fix for the dhclient shipped with OpenBSD, see http://www.openbsd.org/errata.html#dhclient. This was not the fix shipped by ISC. The patch released by OpenBSD is *not* vulnerable to these problems. Our fix did two things: 1) Make dhclient-script safely quote anything it gets from the environment to avoid these problems 2) We pass the variables to dhclient-script by constructing an environment and running dhclient-script with an execve rather than using a temporary shell script. -Bob ------- End of Forwarded Message
Current thread:
- Re: ISC DHCP client v2 hole fixed...or not? beck () OPENBSD ORG (Jul 14)
- Re: ISC DHCP client v2 hole fixed...or not? Pavel Kankovsky (Jul 17)
- [Debian] New version of cvsweb released Aleph One (Jul 17)