Mandrake Linux Security Advisory : dhcp (MDKSA-2000:013)
High Nessus Plugin ID 61811
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThe OpenBSD team discovered a vulnerability in it that allows for remote exploitation by a corrupt dhcp server, (or an attacker pretending to be a dhcp server). If this vulnerability is exploited, root access can be gained on the host running dhcp client remotely.
The problem is that input is not checked and, as a result, it is possible to execute commands remotely when the network config files are being written on the dhcp client.
SolutionUpdate the affected dhcp and / or dhcp-client packages.