Isc dhcp dhclient remote code execution vulnerability in response to Shell characters

Release date:
Updated on:

Affected Systems:
Isc dhcp Client 4.x
Isc dhcp Client 3.x
Isc dhcpd 4.x
Isc dhcpd 3.x
Unaffected system:
Isc dhcp Client 4.2.1-P1
Isc dhcp Client 4.1-ESV-R2
Isc dhcp Client 3.1-ESV-R1
Isc dhcpd 4.2.1-P1
Isc dhcpd 4.1-ESV-R2
Isc dhcpd 3.1-ESV-R1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47176
Cve id: CVE-2011-0997

Isc dhcpd is a Dynamic Host Configuration Protocol server software.

The dhclient of the isc dhcpd client has a remote code execution vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary commands with the superuser permission to completely control the affected computers.

Before the ISC dhclient transmits the response to dhclient-script, it does not remove or escape shell metacharacters returned by some dhcp servers, which can cause arbitrary code execution on the client.

<* Source: Sebastian Krahmer (krahmer@suse.de)
Marius tomascheski

Link: ISC dhclient vulnerability
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

ISC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.isc.org/products/DHCP/