
Bug#635548: Affected by variant of CVE-2011-0097



27.07.2011 00:52, Moritz Muehlenhoff wrote:
> Package: udhcpc
> Severity: grave
> Tags: security
> 
> Dear Busybox maintainers,
> it was discovered that busybox's udhcpc is also affected by 
> https://www.isc.org/software/dhcp/advisories/cve-2011-0997 

Interesting.

How about checking various IP addresses for 127.0.0.0/8 range?
I mean, a rogue DHCP server may assign some 127.1.2.3/24
address to the client, and try to bypass some "non-localhost"
restrictions on it.  Should we try to detect and filter these
too?

And what if we're a (small) LAN connected to an ISP which uses
DHCP, and assigns an address from our own LAN to their end?

Shouldn't this all be filtered/checked in the script that gets
called by the server?  But wait, there are many unsuspecting
scripts out there already... :(

I'll take a look at what can be done with this.

Thanks!

/mjt
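
The address checks raised in the reply above (a lease inside 127.0.0.0/8, or inside the client's own LAN), as an added example that is not part of the original message or of busybox. The function names and the `LOCAL_NETS` setting are hypothetical; `$ip` and the `bound`/`renew` events are what udhcpc hands to its script.

```shell
#!/bin/sh
# Added example: sanity checks a udhcpc hook script can run on the leased address.
# LOCAL_NETS is a hypothetical setting: CIDRs a lease must never fall inside.
LOCAL_NETS="${LOCAL_NETS:-127.0.0.0/8}"

# ip_to_int A.B.C.D -> prints the 32-bit value; returns 1 on anything malformed
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac          # no leading zeros (octal ambiguity)
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS -> 0 inside, 1 outside, 2 malformed argument
in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# lease_addr_ok IP -> 0 if usable, 1 if malformed or inside a forbidden range
lease_addr_ok() {
    ip_to_int "$1" >/dev/null || return 1
    for n in $LOCAL_NETS; do
        rc=0; in_cidr "$1" "$n" || rc=$?
        [ "$rc" -eq 1 ] || return 1    # 0 = forbidden net, 2 = bad entry: fail closed
    done
    return 0
}

# In a real hook: case "$1" in bound|renew) lease_addr_ok "$ip" || exit 1 ;; esac
# Constructed sample addresses, not taken from the thread:
for a in 203.0.113.7 127.1.2.3 10.0.0.256; do
    if lease_addr_ok "$a"; then echo "$a accept"; else echo "$a reject"; fi
done
```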


