Thanks for reporting this issue.
This issue is not present in Ubuntu 8.10 (Intrepid) and newer releases.
For older releases, as you said, a user needs to be added to the dhcp group. As such, I don't think this issue mandates a security update.
If you discover any other way of exploiting this without adding the user to the dhcp group, please feel free to re-open this bug.
Thank you.
Thanks for reporting this issue.
This issue is not present in Ubuntu 8.10 (Intrepid) and newer releases.
For older releases, as you said, a user needs to be added to the dhcp group. As such, I don't think this issue mandates a security update.
If you discover any other way of exploiting this without adding the user to the dhcp group, please feel free to re-open this bug.
Thank you.