Scientific Linux Security Update : dhcp on SL4.x,SL5.x,SL6.x i386/x86_64
Severity: High
Nessus Plugin ID: 61014

Synopsis: The remote Scientific Linux host is missing one or more security updates.

Description: It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-0997)

Solution: Update the affected packages.