[klibc] CVE request: klibc: ipconfig sh script with unescaped DHCP options
maximilian attems
max at stro.at
Wed May 18 01:44:04 PDT 2011
Related to CVE-2011-0997
ipconfig vulnerability for malicious dhcpd if $DNSDOMAIN is later
used unquoted, than proof of concept involves
DNSDOMAIN="\\\"\$(echo owned; touch /tmp/owned)"
fix:
http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=46a0f831582629612f0ff9707ad1292887f26bff
will be part of the just to be released klibc-1.5.22
--
maks
More information about the klibc
mailing list