Debian Security Advisory

dhcp client -- remote root exploit in dhcp client

Date Reported:
28 Jun 2000
Affected Packages:
dhcp-client-beta, dhcp-client
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2000-0585.
More information:
The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in replies sent from a DHCP server. This means that a malicious DHCP server can execute commands on the client with root privileges.

Note: this report has been superseded. Please consult the Jul 28, 2000 report for further details.
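
The advisory does not say how the commands are embedded in the server's reply. As an added example (not code from Debian, ISC or the OpenBSD team), the C code below assumes they arrive as shell metacharacters in string-valued DHCP options that the client hands to a shell script, and shows a client-side check that rejects such values before they reach a shell. The function names, the allowlist and the sample option buffers are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Option codes from RFC 2132. */
enum { OPT_PAD = 0, OPT_HOSTNAME = 12, OPT_DOMAIN = 15, OPT_END = 255 };

/* Constructed sample option fields (not captured traffic). */
static const uint8_t good_opts[]  = { 12, 5, 'h','o','s','t','1',
    15, 11, 'e','x','a','m','p','l','e','.','o','r','g', 255 };
static const uint8_t bad_opts[]   = { 0, 15, 5, 'l','a','n',';','x', 255 };
static const uint8_t trunc_opts[] = { 12, 9, 'h','o' };

/* Assumed allowlist for values that will reach a shell; empty values fail too. */
#define SAFE_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_"
static int value_is_safe(const uint8_t *v, size_t len)
{
    if (len == 0) return 0;
    for (size_t i = 0; i < len; i++)
        if (v[i] == 0 || !strchr(SAFE_CHARS, v[i])) return 0;
    return 1;
}

/* Returns 0 if clean, the code of the first unsafe option, or -1 if malformed. */
int check_dhcp_options(const uint8_t *opts, size_t n)
{
    size_t i = 0;
    while (i < n) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) return 0;
        if (i >= n) return -1;               /* length byte missing */
        size_t len = opts[i++];
        if (len > n - i) return -1;          /* value overruns the buffer */
        if ((code == OPT_HOSTNAME || code == OPT_DOMAIN) &&
            !value_is_safe(opts + i, len))
            return code;
        i += len;
    }
    return -1;                               /* no END option seen */
}

int main(void)
{
    printf("good=%d bad=%d trunc=%d\n", check_dhcp_options(good_opts, sizeof good_opts),
           check_dhcp_options(bad_opts, sizeof bad_opts),
           check_dhcp_options(trunc_opts, sizeof trunc_opts));
    return 0;
}
```

Only the host name and domain name options are checked here; a client applying this approach would cover every server-supplied value it passes to a script.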