[pkg-dhcp-devel] Bug#690532: Bug#690532: CVE-2012-2248: backdoor for user "zero79" due to dhclient’s hook $PATH
Michael Gilbert
mgilbert at debian.org
Mon Oct 15 19:01:54 UTC 2012
control: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH
On Mon, Oct 15, 2012 at 5:31 AM, Michael Stapelberg wrote:
> All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as "samba" when the
> samba package is installed, are called with a PATH environment variable
> containing this:
Using the term "backdoor" is inappropriate and quite misleading as it
implies malicious activity. The issue is actually a build system
sanitization issue.
Best wishes,
Mike
More information about the pkg-dhcp-devel
mailing list