dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
Bug #931036 reported by
Zubin Mithra
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dhcpcd (Debian) |
Fix Released
|
Unknown
|
|||
dhcpcd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Maverick |
Fix Released
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Undecided
|
Unassigned | ||
Oneiric |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
dhcpcd5 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Won't Fix
|
Undecided
|
Unassigned | ||
Oneiric |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands
via shell metacharacters in a hostname obtained from a DHCP message.
CVE-2011-0996.
This is how opensuse patches it(check out dhcpcd-
https:/
Requires patch/debdiff for Ubuntu Maverick.
description: | updated |
Changed in dhcpcd (Ubuntu): | |
status: | New → Confirmed |
Changed in dhcpcd (Ubuntu): | |
status: | New → Fix Released |
Changed in dhcpcd (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in dhcpcd (Ubuntu Maverick): | |
status: | New → Confirmed |
Changed in dhcpcd5 (Ubuntu Oneiric): | |
status: | New → Fix Released |
Changed in dhcpcd5 (Ubuntu Precise): | |
status: | New → Fix Released |
Changed in dhcpcd (Ubuntu Natty): | |
status: | New → Confirmed |
Changed in dhcpcd (Ubuntu Precise): | |
status: | Fix Released → Confirmed |
Changed in dhcpcd (Ubuntu Oneiric): | |
status: | New → Confirmed |
Changed in dhcpcd5 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in dhcpcd5 (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in dhcpcd5 (Ubuntu Natty): | |
status: | New → Confirmed |
Changed in dhcpcd (Debian): | |
status: | Unknown → New |
Changed in dhcpcd (Debian): | |
status: | New → Fix Released |
To post a comment you must log in.
Please find attached a debdiff for maverick based on the patch used for opensuse(linked above). The netbios message related stuff has been omitted.