Bug 362453 (CVE-2011-0997)

Summary:	<net-misc/dhcp-4.2.1_p1: Hostname sanitation failure (CVE-2011-0997)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	alexanderyt, base-system
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=689832
Whiteboard:	A2 [glsa]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2011-04-07 15:22:22 UTC

From $URL:
Sebastian Krahmer of the SUSE security team noticed that DHCP clients fail to
sanitize certain values supplied by DHCP servers during the DHCP communication.
 The example of such value is hostname configured on the DHCP client.  Various
scripts assume hostname is trusted and do not sufficiently escape or quote it. 
Malicious DHCP server can use this to execute arbitrary code on the DHCP client
by supplying a specially-crafted hostname.

Fixed for our current stable in 3.1-ESV (http://ftp.isc.org/isc/dhcp/dhcp-3.1-ESV-R1-RELNOTES), for testing in 4.2.1-P1 (http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-P1-RELNOTES)

Comment 1 SpanKY gentoo-dev

2011-04-07 23:48:52 UTC

ive added dhcp-4.2.1_p1 to the tree.  someone else can handle dhcp-3.x.

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2011-10-11 20:05:54 UTC

Please punt vulnerable versions.

Comment 3 Sean Amoss (RETIRED) gentoo-dev

2012-11-09 00:48:37 UTC

Updated existing GLSA draft to include this.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2013-01-09 00:53:05 UTC

This issue was resolved and addressed in
 GLSA 201301-06 at http://security.gentoo.org/glsa/glsa-201301-06.xml
by GLSA coordinator Stefan Behte (craig).