Comment 2 for bug 334346

Thanks for reporting this issue.

This issue is not present in Ubuntu 8.10 (Intrepid) and newer releases.

For older releases, as you said, a user needs to be added to the dhcp group. As such, I don't think this issue mandates a security update.

If you discover any other way of exploiting this without adding the user to the dhcp group, please feel free to re-open this bug.

Thank you.