[pkg-dhcp-devel] Bug#690532: Bug#690532: Bug#690532: CVE-2012-2248: backdoor for user "zero79" due to dhclient’s hook $PATH

Michael Gilbert mgilbert at debian.org
Mon Oct 15 19:13:26 UTC 2012


On Mon, Oct 15, 2012 at 3:01 PM, Michael Gilbert wrote:
> control: retitle -1 CVE-2012-2248: build system paths used in -DCLIENT_PATH
>
> On Mon, Oct 15, 2012 at 5:31 AM, Michael Stapelberg wrote:
>> All hooks in /etc/dhcp/dhclient-enter-hooks.d, such as "samba" when the
>> samba package is installed, are called with a PATH environment variable
>> containing this:
>
> Using the term "backdoor" is inappropriate and quite misleading as it
> implies malicious activity.  The issue is actually a build system
> sanitization issue.

Also, to be fair, the same conclusions can be drawn on different
architectures for paths like /build/buildd-isc-dhcp-*:
https://buildd.debian.org/status/fetch.php?pkg=isc-dhcp&arch=i386&ver=4.2.4-2&stamp=1347600978

Best wishes,
Mike


