[klibc] CVE request: klibc: ipconfig sh script with unescaped DHCP options

maximilian attems max at stro.at
Wed May 18 01:44:04 PDT 2011

Related to CVE-2011-0997

ipconfig vulnerability for malicious dhcpd if $DNSDOMAIN is later
used unquoted, than proof of concept involves
DNSDOMAIN="\\\"\$(echo owned; touch /tmp/owned)"

will be part of the just to be released klibc-1.5.22


More information about the klibc mailing list