ISC DHCP Client Remote Buffer Overflow Vulnerability

ISC's DHCP client is a standard Unix DHCP client used by many hosts on the Internet. The OpenBSD team discovered a vulnerability in it that allows remote exploitation by a corrupt DHCP server (or an attacker pretending to be a DHCP server). If this vulnerability is exploited, root access can be gained remotely on the host running the DHCP client. The problem is that input is not checked and, as a result, it is possible to execute commands remotely when the network config files are being written on the DHCP client.
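The missing input check described above can be illustrated with an allowlist validator for a server-supplied name option. This is an added example, not ISC's code or its fix; the function name `dhcp_name_is_safe` and the assumption that the value is a DNS-style name delivered as a length-counted byte string are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not ISC code): returns 1 if a server-supplied,
 * length-counted option value is a plain DNS name that is safe to write
 * into a config file or hand to a script, 0 otherwise. */
int dhcp_name_is_safe(const unsigned char *val, size_t len)
{
    size_t i, label_len = 0;

    if (len == 0 || len > 253)           /* empty or longer than a DNS name */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = val[i];
        if (c == '.') {
            /* no empty labels, no label ending in '-' */
            if (label_len == 0 || val[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        /* allowlist: letters, digits, hyphen; everything else (quotes,
         * ';', '`', '$', spaces, NUL bytes, newlines) is rejected */
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-'))
            return 0;
        if (c == '-' && label_len == 0)  /* label may not start with '-' */
            return 0;
        if (++label_len > 63)            /* DNS label length limit */
            return 0;
    }
    /* a single trailing dot is allowed, a trailing '-' is not */
    return val[len - 1] != '-';
}

int main(void)
{
    /* constructed sample option values, not captured traffic */
    static const char *samples[] = { "corp.example.com", "lan;echo", "a..b" };
    size_t i;

    for (i = 0; i < 3; i++)
        printf("%-18s %s\n", samples[i],
               dhcp_name_is_safe((const unsigned char *)samples[i],
                                 strlen(samples[i])) ? "accept" : "reject");
    return 0;
}
```

The length is passed explicitly because DHCP option values are counted byte strings, so an embedded NUL must be rejected rather than treated as a terminator.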


 

Copyright 2010, SecurityFocus