SuSE IfUp-DHCP Script Remote Arbitrary Command Execution Vulnerability

ifup-dhcp is part of the sysconfig package included with SuSE Linux. It is freely available, and open source.

It is possible to remotely execute commands on a system using the ifup-dhcp script. Due to insufficient handling of input by the ifup-dhcp script, it is possible to send custom-crafted packets to a vulnerable host that will be interpreted as commands. This could allow an attacker to execute commands as the user executing the ifup-dhcp script (typically root).


 

Privacy Statement
Copyright 2010, SecurityFocus