Thanks for reporting this issue.
This issue is not present in Ubuntu 8.10 (Intrepid) and newer releases.
For older releases, as you said, a user needs to be added to the dhcp
group. As such, I don't think this issue mandates a security update.
If you discover any other way of exploiting this without adding the user
to the dhcp group, please feel free to re-open this bug.
Thank you.
** Changed in: dhcp3 (Ubuntu)
Status: New => Won't Fix
--
PATH problem in /lib/dhcp3-client/call-dhclient-script may lead to root
compromise
https://bugs.launchpad.net/bugs/334346
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
