GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Jan 09, 2013 2:26 am Post subject: [ GLSA 201301-04 ] dhcpcd: Arbitrary code execution |
|
|
Gentoo Linux Security Advisory
Title: dhcpcd: Arbitrary code execution (GLSA 201301-04)
Severity: high
Exploitable: remote
Date: January 09, 2013
Bug(s): #362459
ID: 201301-04
Synopsis
A vulnerability has been found in dhcpcd, allowing remote attackers
to execute arbitrary code on the DHCP client.
Background
dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP
client.
Affected Packages
Package: net-misc/dhcpcd
Vulnerable: < 5.2.12
Unaffected: >= 5.2.12
Architectures: All supported architectures
Description
A vulnerability has been discovered in dhcpcd. Please review the CVE
identifier referenced below for details.
Impact
The vulnerability might allow an attacker to execute arbitrary code on
the DHCP client.
Workaround
There is no known workaround at this time.
Resolution
All dhcpcd users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-5.2.12"
|
References
CVE-2011-0996 |
|