Debian 2.1 & 2.2 Advisory: Remote Root Exploit in dhcp Client
debian
June 28, 2000
The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2 (potato) are vulnerable to a root exploit.
Topics Covered
Summary
Package: dhcp-client-beta (dhcp-client)
Vulnerability type: remote root exploit
Debian-specific: no
The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2
(potato) are vulnerable to a root exploit. The OpenBSD team reports that the
client inappropriately executes commands embedded in replies sent from a dhcp
server. This means that a malicious dhcp server can execute commands on the
client with root privilages.
The reported vulnerability is fixed in the package dhcp-client-beta
2.0b1pl6-0.3 for the current stable release (debian 2.1) and in dhcp-client
2.0-3potato1 for the frozen pre-release (debian 2.2). The dhcp server and relay
agents are built from the same source as the client; however, the server and
relay agents are not vulnerable to this issue and do not need to be upgraded.
We recommend upgrading your dhcp-client-beta and dhcp-client immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 ali...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!