Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our speciality !
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Remote command execution: BugID: 6200

 
Post new topic   Reply to topic    Trilight Zone Forum Index -> Security
Author Message
thedark
Second Lieutenant


Joined: 30 Jul 2005
Posts: 1074

PostPosted: Thu Aug 04, 2005 12:08 am    Post subject: Remote command execution: BugID: 6200 Reply with quote
Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and
RFC1541 compliant DHCP client daemon, that runs with root privileges
on client machines. A malicious administrator of the regular or an
untrusted DHCP server may execute any command with root privileges on
the DHCP client machine by sending the command enclosed in shell
metacharacters in one of the options provided by the DHCP server.

This problem has been fixed in version 1.3.17pl2-8.1 for the old
stable distribution (potato) and in version 1.3.22pl2-2 for the
testing (sarge) and unstable (sid) distributions. The current stable
distribution (woody) does not contain a dhcpcd package.

We recommend that you upgrade your dhcpcd package (on the client
machine).

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Trilight Zone Forum Index -> Security All times are GMT
Page 1 of 1

 


Powered by phpBB © 2001, 2005 phpBB Group