Bugtraq mailing list archives
Re: ISC DHCP client v2 hole fixed...or not?
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Mon, 17 Jul 2000 21:54:21 +0200
On Fri, 14 Jul 2000 beck () OPENBSD ORG wrote:

> OpenBSD released a different fix for the dhclient shipped with OpenBSD, see http://www.openbsd.org/errata.html#dhclient. This was not the fix shipped by ISC.
> ...
> The patch released by OpenBSD is *not* vulnerable to these problems. Our fix did two things:
> ...

I know and I think this is a good thing (passing data via an intermediate shell script is very awkward and error prone, and I fail to understand why they do it). Nevertheless, you should look at write_client_lease() (which is not affected by your fix) as well. It might be a mere annoyance rather than a real vulnerability when someone puts some arbitrary (raw) data into your dhclient.lease but...

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
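
Added example, not part of the original message and not ISC or OpenBSD code: one way a lease writer could encode server-supplied option bytes before they reach dhclient.lease, so raw data cannot close the quoted string or begin a new line. The helper name `lease_quote`, the backslash/octal escaping convention and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not from the dhclient source): encode
 * `len` raw option bytes as one double-quoted token for a lease file.
 * Returns the encoded length, or 0 if `out` (capacity `cap`) is too small. */
size_t lease_quote(const unsigned char *in, size_t len, char *out, size_t cap)
{
    size_t o = 0;

    if (cap < 3)                     /* need room for "" plus NUL */
        return 0;
    out[o++] = '"';
    for (size_t i = 0; i < len; i++) {
        unsigned char c = in[i];

        if (o + 6 > cap)             /* worst case: 4-byte escape + '"' + NUL */
            return 0;
        if (c == '"' || c == '\\') { /* would end or distort the token */
            out[o++] = '\\';
            out[o++] = (char)c;
        } else if (c >= 0x20 && c < 0x7f) {
            out[o++] = (char)c;      /* printable ASCII passes through */
        } else {                     /* control and high bytes as \ooo octal */
            o += (size_t)snprintf(out + o, cap - o, "\\%03o", (unsigned)c);
        }
    }
    out[o++] = '"';
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: option bytes containing a quote and a newline. */
    const unsigned char raw[] = "host\";\n}";
    char buf[64];

    if (lease_quote(raw, sizeof raw - 1, buf, sizeof buf) == 0)
        return 1;
    printf("option host-name %s;\n", buf);
    return 0;
}
```

Whatever reads the lease file back has to decode the same escapes, otherwise the stored value no longer matches what the server sent.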