
DHCP client allows shell command injection!

The Internet Systems Consortium's (ISC) open source DHCP client (dhclient) allows DHCP servers to inject commands, which could allow an attacker to obtain root privileges. The problem is caused by incorrect filtering of shell metacharacters in server response fields. By using crafted host names, and depending on the operating system and what further processing is performed by dhclient-script, it can allow commands to be passed to the shell and executed. A successful attack does, however, require an unauthorised or compromised DHCP server on the local network.

Dhclient versions 3.0.x to 4.2.x are affected. The ISC has released an update. Alternatively, users can deactivate host name evaluation or add an additional line to dhclient-script. Instructions for doing so can be found in the ISC's advisory.
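The ISC advisory points to dhclient-script as the place to filter the host name before it is used. The following is an added example, not code from the article or from ISC: a strict check of the DHCP-supplied `new_host_name` variable (the name dhclient exports to dhclient-script) against the host name syntax of RFC 1123, plus a best-effort stripping fallback. The function names and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: validate a DHCP-supplied host name before dhclient-script
# (or any shell script) acts on it. A host name is labels of letters, digits
# and hyphens (1-63 chars each, not starting or ending with a hyphen) joined
# by dots, at most 253 characters in total. Anything else, including shell
# metacharacters such as ; | $ ( ) ` and whitespace, is rejected.
is_valid_hostname() {
    name=$1
    { [ -n "$name" ] && [ ${#name} -le 253 ]; } || return 1
    # No leading or trailing dot and no empty label.
    case $name in
        .*|*.|*..*) return 1 ;;
    esac
    # Walk the labels with parameter expansion only: no word splitting,
    # no globbing, so the untrusted string is never re-interpreted.
    rest=$name
    while :; do
        case $rest in
            *.*) label=${rest%%.*}; rest=${rest#*.} ;;
            *)   label=$rest; rest= ;;
        esac
        [ ${#label} -le 63 ] || return 1
        case $label in
            *[!A-Za-z0-9-]*) return 1 ;;   # character outside the safe set
            -*|*-)           return 1 ;;   # hyphen at label start or end
        esac
        [ -n "$rest" ] || break
    done
    return 0
}

# Fallback: drop every character outside the safe set. Useful when the
# script must keep working with a best-effort name instead of rejecting it.
sanitize_hostname() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9.-'
}

# Constructed values standing in for what a DHCP server might send.
for new_host_name in 'ws01.example.test' 'ws01; id' 'ws01$(id)' '-bad.example.test'; do
    if is_valid_hostname "$new_host_name"; then
        echo "accept: $new_host_name"
    else
        echo "reject: $new_host_name (stripped: $(sanitize_hostname "$new_host_name"))"
    fi
done
```

Note that the values are only ever expanded inside double quotes or `case` words, which is what keeps the metacharacters inert; an unquoted `$new_host_name` or an `eval` on it is exactly the processing the advisory warns about.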

Alongside dhclient-script, X.Org's 'X server resource database utility' (xrdb) is also affected, as it also evaluates host names transferred via DHCP. Crafted host names can likewise compromise X.Org servers where the X Display Manager Control Protocol (XDMCP) is used. Updating to xrdb 1.0.9 fixes the vulnerabilities. Some Linux distributors are already distributing new packages.

Source for DHCP is available to download under the terms of the ISC License, a BSD-style licence.
