Gentoo: 200302-4 Important: GIT Vulnerability Allows Remote Code Execution

January 6, 2003
The Gentoo advisory outlines an important GIT vulnerability allowing remote code execution via compromised DHCP.

Summary


- --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-3
- --------------------------------------------------------------------
DATE    : 2003-01-05 00:01 UTC

- --------------------------------------------------------------------
When assigning an IP address to a network interface, dhcpcd may execute an external script, '/sbin/dhcpd-.exe'. This is an optional configuration that must be set up manually on Gentoo Linux systems by copying the script into /sbin/.
The script 'dhcpcd-.exe' uses values from '/var/lib/dhcpcd/dhcpcd-.info', which originate from the DHCP server. A lack of input validation on this data may make it possible for commands injected by a malicious DHCP server to be executed through the use of shell metacharacters such as ';' and '|'. These commands may run with root privileges.
More information is available at

SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/dhcpcd-1.3.20_p0-...
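
The input-validation gap described in the advisory above, seen from the defensive side as an added example (not code from the advisory or from dhcpcd): an allowlist check run over an info file before a hook script consumes it. The KEY=value layout, the optional single quotes, the allowlist itself and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the advisory: allowlist check of a dhcpcd-style
# info file before a hook script uses it. Assumed format: KEY=value lines,
# value optionally wrapped in single quotes.
LC_ALL=C; export LC_ALL   # make the character ranges below byte-exact

# is_safe_value VALUE: succeed only if every character is on the allowlist.
is_safe_value() {
    case $1 in
        *[!A-Za-z0-9._:/,-]*) return 1 ;;   # catches ; | $ & quotes, spaces
        *) return 0 ;;
    esac
}

# check_info_file FILE: print each rejected key, return 1 if anything failed.
check_info_file() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        case $line in
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *)   echo "malformed line"; bad=1; continue ;;
        esac
        case $key in
            ''|*[!A-Z0-9_]*) echo "bad key name"; bad=1; continue ;;
        esac
        # Strip one pair of surrounding single quotes, if present.
        case $val in
            \'*\') val=${val#\'}; val=${val%\'} ;;
        esac
        if ! is_safe_value "$val"; then
            echo "rejected: $key"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample input; addresses and names are made up.
tmp=$(mktemp -d)
printf '%s\n' 'IPADDR=192.0.2.10' "HOSTNAME='ws1'" 'DOMAIN=example.test' > "$tmp/good.info"
printf '%s\n' 'IPADDR=192.0.2.10' 'HOSTNAME=ws1;true' 'DOMAIN=x|y' > "$tmp/bad.info"
check_info_file "$tmp/good.info" && echo "good.info: accepted"
check_info_file "$tmp/bad.info" || echo "bad.info: refused"
```

A hook script would run this check first and stop without reading the file when it returns non-zero.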

Severity
important

PACKAGE : dhcpcd
SUMMARY : remote command execution
EXPLOIT : remote
