Ubuntu
dhcpcd5 package

  1. Maverick (10.10)
  2. Bug #931036
  3. Comment #0

Comment 0 for bug 931036

Revision history for this message
Zubin Mithra (zubin-mithra) wrote :

dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands
via shell metacharacters in a hostname obtained from a DHCP message.

CVE-2011-0996.

This is how opensuse patches it => https://build.opensuse.org/package/rdiff?linkrev=base&package=dhcpcd&project=network:dhcp&rev=31

Requires patch/debdiff for Ubuntu Maverick.