[pkg-dhcp-devel] Bug#762923: dhclient-script uses bash, allowing remote bash exploits
corsac at debian.org
Fri Sep 26 13:53:39 UTC 2014
On Fri, Sep 26, 2014 at 12:47:39PM +0200, Goswin von Brederlow wrote:
> Package: isc-dhcp-client
> Version: 4.2.4-7
> Severity: normal
> File: /sbin/dhclient-script
> Tags: security
> dhclient puts unchecked strings into environment variables for the
> dhclient-script and dhclient-script uses #!/bin/bash. This allows the
> recently found bash bugs to be exploited from remote.
> Given the many eyes now turning towards finding bugs in bash and
> building exploits with them it might be safer to fix those bashisms
> and switch dhclient-script over to #!/bin/sh.
> What do you think?
Actually, if you go that road, you would need to drop anything ever
calling python, perl, ruby or whatever language somehow remotely. Some
scripts might have good reasons to use bash and bashisms (I'm not
saying that's the case here, but still).
What I find more concerning is to pass unchecked environment variables
directly from remote (or any input, actually).
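As an added example (not part of this thread or of the isc-dhcp package), a Python validator that applies a per-option lexical rule to lease-derived variables before any hook script sees them; the new_* names follow the variables dhclient-script reads, while the policy table and the sample lease are assumptions constructed for illustration:

```python
import ipaddress
import re

# The new_* names mirror the variables dhclient exports to dhclient-script;
# the per-option policy table itself is constructed for this example.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_SAFE_TEXT = re.compile(r"[A-Za-z0-9 ._:/-]*")  # fallback for other options


def is_hostname(value):
    """RFC 1123 style host or domain name: dot-separated labels only."""
    if not value or len(value) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.rstrip(".").split("."))


def is_ip(value):
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def is_ip_list(value):
    """Whitespace-separated addresses, e.g. routers or DNS servers."""
    items = value.split()
    return bool(items) and all(is_ip(i) for i in items)


POLICY = {
    "new_ip_address": is_ip,
    "new_routers": is_ip_list,
    "new_domain_name_servers": is_ip_list,
    "new_domain_name": is_hostname,
    "new_host_name": is_hostname,
}


def validate_env(env):
    """Split lease variables into (accepted, rejected); a hook gets only accepted."""
    accepted, rejected = {}, {}
    for name, value in env.items():
        check = POLICY.get(name, _SAFE_TEXT.fullmatch)
        (accepted if check(value) else rejected)[name] = value
    return accepted, rejected


# Constructed sample lease: two well-formed options, two that must be dropped.
SAMPLE_ENV = {
    "new_ip_address": "192.0.2.10",
    "new_routers": "192.0.2.1 192.0.2.254",
    "new_host_name": "not a host name; see RFC 1123",
    "new_ntp_servers": "ntp.example.net | extra",
}
```

Values that fail a rule are withheld rather than escaped, so the shell that interprets dhclient-script never has to be trusted to handle them safely.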