The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

threat alert CVE-2011-2717

dhcp6c: shell command injection

Synthesis of the vulnerability

An attacker owning a malicious DHCP server can return a special hostname, in order to inject a shell command in dhcp6c.
Severity of this bulletin: 2/4.
Creation date: 25/07/2011.
References of this threat: CVE-2011-2717, VIGILANCE-VUL-10869.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Linux dhcp6c program queries a DHCP server, in order to obtain an IPv6 address and a computer name.

However, a malicious or compromised DHCP server can return a hostname such as:
  beginName`command`endName
  beginName;command;endName
As dhcp6c does not filter special shell characters, the shell command embedded in the name received from the server is run on the client.

An attacker owning a malicious DHCP server can therefore return a special hostname, in order to inject a shell command in dhcp6c.

This vulnerability is the same as VIGILANCE-VUL-10522 which impacts ISC dhclient.
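As an added example, not code from this bulletin or from the dhcp6c project, the following C function shows the check a client should apply to a server-supplied hostname before it reaches any shell or script: only the RFC 1123 alphabet (letters, digits, hyphens, dot-separated labels of at most 63 characters, 253 characters in total) is accepted, so the backquote and semicolon variants shown above are rejected outright. The function name and the sample names in main() are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Limits from RFC 1035 / RFC 1123 (assumed for this example) */
#define MAX_HOSTNAME_LEN 253
#define MAX_LABEL_LEN    63

/* Locale-independent test for the RFC 1123 hostname alphabet. */
static int is_hostname_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') ||
           c == '-';
}

/* Return 1 if `name` is a syntactically valid hostname, 0 otherwise.
 * Any byte outside the alphabet above (backquote, semicolon, space,
 * '$', '|', ...) makes the name invalid, so a name that passes can be
 * handed to a hook script without shell metacharacter concerns.
 * Labels must be 1..63 characters, may not start or end with '-',
 * and a trailing dot is rejected (conservative choice). */
int is_valid_hostname(const char *name)
{
    size_t len, i, label_len = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_HOSTNAME_LEN)
        return 0;

    /* Walk one past the end so the final label is checked like the others */
    for (i = 0; i <= len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.' || c == '\0') {
            /* End of a label: must be non-empty and not end with '-' */
            if (label_len == 0 || label_len > MAX_LABEL_LEN)
                return 0;
            if (name[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (!is_hostname_char(c))
            return 0;
        /* A label may not start with '-' */
        if (label_len == 0 && c == '-')
            return 0;
        label_len++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names: one benign, two in the injection shape
     * described in the bulletin. */
    const char *samples[] = {
        "host1.example.net",
        "beginName`command`endName",
        "beginName;command;endName",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-30s -> %s\n", samples[i],
               is_valid_hostname(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

A client that fails this check should fall back to a fixed default name rather than try to strip the offending characters; rejecting the whole value leaves no way to smuggle a partial command through.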

This computer vulnerability bulletin impacts software or systems such as Unix (platform); this list is not comprehensive.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is: confirmed by the vendor; the attack origin is the LAN.

An attacker with expert ability can exploit this threat.

Solutions for this threat

Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides computer security analysis. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.