Debian Security Advisory
dhcp client -- remote root exploit in dhcp client
- Date Reported:
- 28 Jun 2000
- Affected Packages:
- dhcp-client-beta, dhcp-client
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-0585.
- More information:
- The versions of the ISC DHCP client in Debian 2.1 (slink)
and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team
reports that the client inappropriately executes commands embedded in replies
sent from a DHCP server. This means that a malicious DHCP server can execute
commands on the client with root privileges.
Note: this report has been superseded. Please consult the Jul 28, 2000 report for further details.