Debian Security Advisory

dhcp client -- remote root exploit in dhcp client

Date Reported:
28 Jun 2000
Affected Packages:
dhcp-client-beta, dhcp-client
Security database references:
In Mitre's CVE dictionary: CVE-2000-0585.
More information:
The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in replies sent from a DHCP server. This means that a malicious DHCP server can execute commands on the client with root privileges.

Note: this report has been superseded. Please consult the Jul 28, 2000 report for further details.