ISC DHCP: dhcpclient Remote execution of arbitrary code
Gentoo Linux Security Advisory
GLSA 200907-12 / dhcp
July 14, 2009
July 14, 2009: 01
All supported architectures
A buffer overflow in dhclient as included in the ISC DHCP implementation
allows for the remote execution of arbitrary code with root privileges.
ISC DHCP is the reference implementation of the Dynamic Host
Configuration Protocol as specified in RFC 2131.
The Mandriva Linux Engineering Team has reported a stack-based buffer
overflow in the subnet-mask handling of dhclient.
A remote attacker might set up a rogue DHCP server in a victim's local
network, possibly leading to the execution of arbitrary code with root
There is no known workaround at this time.
All ISC DHCP users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcp-3.1.1-r1"
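
RFC 2132 gives the subnet-mask option (code 1) a fixed length of 4 octets. As an added example, not code from ISC DHCP or from this advisory, the following C function shows the length check a client-side parser needs before copying that option into a fixed-size buffer; the function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Option codes from RFC 2132; result names are this example's own. */
enum { OPT_PAD = 0, OPT_SUBNET_MASK = 1, OPT_END = 255 };
enum { MASK_OK = 0, MASK_ABSENT = 1, MASK_BAD_LENGTH = -1, OPTS_TRUNCATED = -2 };

/* Constructed sample option fields (not captured traffic). */
static const uint8_t sample_good[] = { 53, 1, 2, 1, 4, 255, 255, 255, 0, 255 };
static const uint8_t sample_long[] = { 53, 1, 2, 1, 8, 255, 255, 255, 0, 0, 0, 0, 0, 255 };
static const uint8_t sample_cut[]  = { 53, 1, 2, 1, 4, 255, 255 };

/* Walk the options field (the bytes after the magic cookie) and copy the
 * subnet mask into a 4-byte buffer only when its declared length is 4. */
int extract_subnet_mask(const uint8_t *opts, size_t len, uint8_t mask[4])
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD)
            continue;
        if (code == OPT_END)
            break;
        if (i >= len)                 /* length octet missing */
            return OPTS_TRUNCATED;
        uint8_t olen = opts[i++];
        if (olen > len - i)           /* value runs past the received data */
            return OPTS_TRUNCATED;
        if (code == OPT_SUBNET_MASK) {
            if (olen != 4)            /* sender-supplied length is untrusted */
                return MASK_BAD_LENGTH;
            memcpy(mask, &opts[i], 4);
            return MASK_OK;
        }
        i += olen;                    /* skip options we do not handle */
    }
    return MASK_ABSENT;
}

int main(void)
{
    uint8_t mask[4];
    printf("good=%d long=%d cut=%d\n",
           extract_subnet_mask(sample_good, sizeof sample_good, mask),
           extract_subnet_mask(sample_long, sizeof sample_long, mask),
           extract_subnet_mask(sample_cut, sizeof sample_cut, mask));
    return 0;
}
```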