Debian Security Advisory

DSA-219-1 dhcpcd -- remote command execution

Date Reported:

31 Dec 2002

Affected Packages:

dhcpcd

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 6200.
In Mitre's CVE dictionary: CVE-2002-1403.

More information:

Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541 compliant DHCP client daemon, that runs with root privileges on client machines. A malicious administrator of the regular or an untrusted DHCP server may execute any command with root privileges on the DHCP client machine by sending the command enclosed in shell metacharacters in one of the options provided by the DHCP server.

This problem has been fixed in version 1.3.17pl2-8.1 for the old stable distribution (potato) and in version 1.3.22pl2-2 for the testing (sarge) and unstable (sid) distributions. The current stable distribution (woody) does not contain a dhcpcd package.

We recommend that you upgrade your dhcpcd package (on the client machine).

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1.dsc; http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1.diff.gz; http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.