DHCPCD Character Expansion Remote Command Execution Vulnerability

Published: 2002-11-18
Updated: 2003-01-10
Severity: Medium
Threat level: Ordinary user access privileges
Error type: Input validation error
Exploitation mode: Client mode
BUGTRAQ ID: 6200

Affected systems

Phystech dhcpcd 1.3.17 -pl2

Detailed description

dhcpcd is a DHCP client daemon compatible with RFC2131 and RFC1541. It runs as root on the client.

When an IP address is assigned to a network interface, dhcpcd executes the external script '/sbin/dhcpd-<interface>.exe'. This is an optional configuration file. The script uses values from '/var/lib/dhcpcd/dhcpcd-<interface>.info', and those values are supplied by the DHCP server. Because the client does not check this data, a DHCP server may use characters such as ';' and '|' to execute arbitrary commands on the client.

Test code

None yet.

Solution

Delete the '/sbin/dhcpd-<interface>.exe' script.

Patch downloads:

Phystech dhcpcd 1.3.17 -pl2:

  Debian Upgrade dhcpcd_1.3.17pl2-8.1_sparc.deb
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_sparc.deb
  Debian Upgrade dhcpcd_1.3.17pl2-8.1_powerpc.deb
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_powerpc.deb
  Debian Upgrade dhcpcd_1.3.17pl2-8.1_m68k.deb
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_m68k.deb
  Debian Upgrade dhcpcd_1.3.17pl2-8.1_i386.deb
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_i386.deb
  Debian Upgrade dhcpcd_1.3.17pl2-8.1_arm.deb
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_arm.deb
  Debian Upgrade dhcpcd_1.3.17pl2-8.1_alpha.deb
    http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_alpha.deb

Phystech dhcpcd 1.3.22 -pl1:

  Phystech Upgrade dhcpcd-1.3.22-pl2
    http://www.phystech.com/download/
  Phystech Upgrade dhcpcd-1.3.22-pl3
    http://www.phystech.com/download/
  Conectiva RPM dhcpcd-1.3.22pl3-1U60_2cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/6.0/RPMS/dhcpcd-1.3.22pl3-1U60_2cl.i386.rpm
  Conectiva RPM dhcpcd-1.3.22pl3-1U60_2cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/dhcpcd-1.3.22pl3-1U60_2cl.src.rpm
  Conectiva RPM dhcpcd-1.3.22pl3-1U70_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/7.0/RPMS/dhcpcd-1.3.22pl3-1U70_1cl.i386.rpm
  Conectiva RPM dhcpcd-1.3.22pl3-1U70_1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/dhcpcd-1.3.22pl3-1U70_1cl.src.rpm
  Conectiva RPM dhcpcd-1.3.22pl3-1U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/dhcpcd-1.3.22pl3-1U80_1cl.i386.rpm
  Conectiva RPM dhcpcd-1.3.22pl3-1U80_1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/8/SRPMS/dhcpcd-1.3.22pl3-1U80_1cl.src.rpm
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.i586.rpm (Linux-Mandrake 7.2)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.i586.rpm (Mandrake Linux 8.0)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.ppc.rpm (Mandrake Linux 8.0/PPC)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.i586.rpm (Mandrake Linux 8.1)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.ia64.rpm (Mandrake Linux 8.1/IA64)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.i586.rpm (Mandrake Linux 8.2)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.ppc.rpm (Mandrake Linux 8.2/PPC)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.i586.rpm (Mandrake Linux 9.0)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.i586.rpm (Multi Network Firewall 8.2)
    http://www.mandrakesecure.net/en/ftp.php
  MandrakeSoft RPM dhcpcd-1.3.22pl4-1.1mdk.i586.rpm (Single Network Firewall 7.2)
    http://www.mandrakesecure.net/en/ftp.php

Related information

References:
  http://online.securityfocus.com/advisories/4842
  http://online.securityfocus.com/advisories/4695
  http://online.securityfocus.com/advisories/4830
  http://online.securityfocus.com/advisories/4858

Related site:
  http://www.phystech.com/download/dhcpcd.htm
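The detailed description says the script consumes server-supplied values from the .info file with no check on the client side. As an added example (not part of the original advisory and not dhcpcd's own code), the shell functions below validate such a file without ever sourcing it; the KEY=value layout, the key names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # keep the A-Z / 0-9 ranges byte-exact

# Return 0 if the string holds only characters the shell treats as plain text.
# Anything else (; | ` $ ( ) & < > quotes, whitespace ...) is refused.
is_inert() {
    case $1 in
        *[!A-Za-z0-9._:,/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if every non-empty line is KEY=value or KEY='value' with an inert
# value. Offending lines go to stderr. The file is parsed, never sourced.
check_info_file() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        key=${line%%=*}
        val=${line#*=}
        [ "$key" != "$line" ] || key=''            # no '=' on this line
        case $val in
            \'*\') val=${val#\'}; val=${val%\'} ;; # strip one quote pair
        esac
        case $key in
            ''|[!A-Z_]*|*[!A-Z0-9_]*) ok=no ;;     # malformed variable name
            *) if is_inert "$val"; then ok=yes; else ok=no; fi ;;
        esac
        if [ "$ok" = no ]; then
            printf 'unsafe line: %s\n' "$line" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed samples (not captured from a real DHCP server).
tmp=$(mktemp -d)
printf '%s\n' 'IPADDR=192.0.2.10' 'NETMASK=255.255.255.0' \
    "DOMAIN='example.test'" > "$tmp/good.info"
printf '%s\n' 'IPADDR=192.0.2.10' 'DOMAIN=example.test;echo injected' \
    'HOSTNAME=h|cat' > "$tmp/bad.info"

check_info_file "$tmp/good.info" && echo "good.info: values are inert"
check_info_file "$tmp/bad.info"  || echo "bad.info: rejected, do not run the script"
rm -rf "$tmp"
```

The allow-list is deliberately narrow: a value that legitimately needs other characters should be handled by extending the list after review, not by falling back to sourcing the file.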