Sebastian Krahmer of the SUSE security team noticed that DHCP clients fail to
sanitize certain values supplied by DHCP servers during the DHCP communication.
The example of such value is hostname configured on the DHCP client. Various
scripts assume hostname is trusted and do not sufficiently escape or quote it.
Malicious DHCP server can use this to execute arbitrary code on the DHCP client
by supplying a specially-crafted hostname.
Fixed for our current stable in 3.1-ESV (http://ftp.isc.org/isc/dhcp/dhcp-3.1-ESV-R1-RELNOTES), for testing in 4.2.1-P1 (http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-P1-RELNOTES)
ive added dhcp-4.2.1_p1 to the tree. someone else can handle dhcp-3.x.
Please punt vulnerable versions.
Updated existing GLSA draft to include this.
This issue was resolved and addressed in
GLSA 201301-06 at http://security.gentoo.org/glsa/glsa-201301-06.xml
by GLSA coordinator Stefan Behte (craig).