[klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options

Josh Bressers bressers at redhat.com
Thu May 19 11:47:15 PDT 2011


----- Original Message -----
> Related to CVE-2011-0997
> 
> ipconfig vulnerability for malicious dhcpd if $DNSDOMAIN is later
> used unquoted, than proof of concept involves
> DNSDOMAIN="\\\"\$(echo owned; touch /tmp/owned)"
> 
> fix:
> http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=46a0f831582629612f0ff9707ad1292887f26bff
> will be part of the just to be released klibc-1.5.22
> 

Please use CVE-2011-1930.

Thanks.

-- 
    JB



More information about the klibc mailing list