icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ISC dhclient < 3.1-ESV-R1 / 4.1-ESV-R2 / 4.2.1-P1 Remote Code Execution

High

Synopsis

ISC dhclient does not strip or escape shell meta-characters, which can lead to remote code execution.

Description

ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server (like hostname) before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client.

Solution

Upgrade to 3.1-ESV-R1, 4.1-ESV-R2, or 4.2.1-P1, or later.