CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH

[Raphael Geissert <geissert () debian org>]

Hi,

Michael Stapelberg, Tollef Fog Heen, and Michael Biebl discovered that 
dhclient was setting dhclient-script's PATH to one that included a 
subdirectory of the build directory[1].
This issue is caused by the way isc-dhcp is packaged in Debian.

At least two versions of isc-dhcp for the amd64 (x86_64) architecture in 
Debian were found two be setting PATH to a subdirectory of /home/zero79/, 
which would allow a user with such HOME directory to be able to execute code 
as root.

To clarify the bug report: it is not specific to samba or hooks in general, 
PATH is injected in the environment passed to the execve() call that 
executes dhclient-script.

Since this issue doesn't affect the stable release, there won't be a DSA. 
This email is just a heads up.

[1]http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net