Gentoo Linux Security Advisory 201301-6 - Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service. Versions less than 4.2.4_p2 are affected.
52ff96ed35904c6394d9f7d674251ad0c4071daa8bc2b1b6ef5a6f6de136a80b
HP Security Bulletin HPSBMU02752 SSRT100802 - Potential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux). The vulnerabilities could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). Revision 1 of this advisory.
30bc52b92fd916034415c3776af5aa318ac48908a3cb84ed86e9a8ce99bb8554
Apple Security Advisory 2011-11-10-2 - Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available and addresses a security vulnerability. dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.
6e8e307de2ea87a65b2fbe4858a5cdefa741c0cb65ec28c910798ebd7cbf3bd9
Red Hat Security Advisory 2011-0840-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Various other issues were also addressed.
812fe63dbde8488452a02a75040e52b7f39ea4252aaa8e63e8379bc9ac78f5d4
Ubuntu Security Notice 1108-2 - USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem. Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation.
5304a29b072afd7b22861f6a5bec448d166a9a19548bb7b5f72b687ba16b1705
Ubuntu Security Notice 1108-1 - Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation.
de76df1b5a77bbc5de21ad2ea6576d9889587bb1faa9dfa3d1ce525a72e7eb9b
Mandriva Linux Security Advisory 2011-073 - dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. Additionally, for Corporate Server 4 and Enterprise Server 5, ISC DHCP has been upgraded from the 3.0.7 version to the 4.1.2-P1 version, which brings many enhancements such as better IPv6 support.
b869f67c871d88945a46206ca3939aac0496a05a47a2e9dc074ec6eff18ec5d4
Debian Linux Security Advisory 2217-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
54aa128164e1a3fc5b22b43fa81ed44f8d8a2ead59b3172b5843a7ef345ea6e9
Debian Linux Security Advisory 2216-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
2a4dbf9a5f44606d2210505da3eabd5ea25e699d58d5b72c9148efe6503df304
ISC dhclient does not strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or party with escalated privileges on the server to cause remote code execution on the client. Versions 3.0.x through 4.2.x are affected.
74c7470b833e5a628636a879d280edb69870985e9edf88bd5ec22165c18462fa