Public bug reported: dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
CVE-2011-0996. This is how opensuse patches it(check out dhcpcd-3.2.3-option- checks.diff) in the following link :- https://build.opensuse.org/package/rdiff?linkrev=base&package=dhcpcd&project=network:dhcp&rev=31 Requires patch/debdiff for Ubuntu Maverick. ** Affects: dhcpcd (Ubuntu) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0996 ** Description changed: dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. CVE-2011-0996. - This is how opensuse patches it => + This is how opensuse patches it(check out dhcpcd-3.2.3-option- + checks.diff) in the following link :- + https://build.opensuse.org/package/rdiff?linkrev=base&package=dhcpcd&project=network:dhcp&rev=31 Requires patch/debdiff for Ubuntu Maverick. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/931036 Title: dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/931036/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
