Re: ISC DHCP client v2 hole fixed...or not?

[peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)]

On Fri, 14 Jul 2000 beck () OPENBSD ORG wrote:

>   OpenBSD released a different fix for the dhclient shipped with
> OpenBSD, see http://www.openbsd.org/errata.html#dhclient. This was not
> the fix shipped by ISC.
...
>   The patch released by OpenBSD is *not* vulnerable to these problems.
> Our fix did two things:
...

I know and I think this is a good thing (passing data via an intermediate
shell script is very awkward and error prone, and I fail to understand why
they do it). Nevertheless, you should look at write_client_lease() (which
is not affected by your fix) as well. It might be a mere annoyance rather
than a real vulnerability when someone puts some arbitrary (raw) data into
your dhclient.lease but...

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."