oss-sec mailing list archives
CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
From: Raphael Geissert <geissert () debian org>
Date: Mon, 15 Oct 2012 15:50:42 -0500
Hi,

Michael Stapelberg, Tollef Fog Heen, and Michael Biebl discovered that dhclient was setting dhclient-script's PATH to one that included a subdirectory of the build directory[1]. This issue is caused by the way isc-dhcp is packaged in Debian.

At least two versions of isc-dhcp for the amd64 (x86_64) architecture in Debian were found to be setting PATH to a subdirectory of /home/zero79/, which would allow a user with such a HOME directory to execute code as root.

To clarify the bug report: it is not specific to samba or hooks in general; PATH is injected in the environment passed to the execve() call that executes dhclient-script.

Since this issue doesn't affect the stable release, there won't be a DSA. This email is just a heads up.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Current thread:
- CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Raphael Geissert (Oct 15)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Henri Salo (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Moritz Muehlenhoff (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)