Bug#635548: Affected by variant of CVE-2011-0097
27.07.2011 00:52, Moritz Muehlenhoff wrote:
> Package: udhcpc
> Severity: grave
> Tags: security
>
> Dear Busybox maintainers,
> it was discovered that busybox's udhcpc is also affected by
> https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Interesting.
How about checking various IP addresses for the 127.0.0.0/8 range?
I mean, a rogue DHCP server may assign some 127.1.2.3/24
address to the client, and try to bypass some "non-localhost"
restrictions on it. Should we try to detect and filter these
too?
And what if we're a (small) LAN connected to an ISP which uses
DHCP, and assigns an address from our own LAN to their end?
Shouldn't this all be filtered/checked in the script that gets
called by the server? But wait, there are many unsuspecting
scripts out there already... :(
I'll take a look at what can be done with this.
Thanks!
/mjt
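The lease check discussed above (rejecting an address in 127.0.0.0/8, and the case where the offered address collides with our own LAN), written out as an added example for a udhcpc script. This is not code from the bug thread or from busybox. It assumes udhcpc's convention of exporting the offered address as $ip to the script, and it models "our own LAN" as a single /24 whose first three octets are passed as an argument; both are assumptions for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an address handed to a udhcpc script by the
# DHCP server before it is applied. Everything the server sends is untrusted.

# octet_ok N: true if N is a plain decimal number in 0..255
octet_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

# valid_ipv4 A.B.C.D: true only for a well-formed dotted quad
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray chars, empty octet, leading/trailing dot
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1                               # split on dots into $1..$4
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    octet_ok "$1" && octet_ok "$2" && octet_ok "$3" && octet_ok "$4"
}

# lease_ip_acceptable ADDR [LAN_PREFIX]: refuse a lease a client should never
# accept: malformed, 0.0.0.0/8, loopback 127.0.0.0/8 and, when LAN_PREFIX
# ("A.B.C", assumed /24) is given, anything inside our own LAN.
lease_ip_acceptable() {
    addr=$1
    lan=$2
    valid_ipv4 "$addr" || { echo "reject: malformed address '$addr'" >&2; return 1; }
    first=${addr%%.*}
    case "$first" in
        0)   echo "reject: $addr is in 0.0.0.0/8" >&2; return 1 ;;
        127) echo "reject: $addr is loopback" >&2; return 1 ;;
    esac
    if [ -n "$lan" ] && [ "${addr%.*}" = "$lan" ]; then
        echo "reject: $addr collides with local LAN $lan.0/24" >&2
        return 1
    fi
    return 0
}

# Usage inside a udhcpc script: $ip is set by udhcpc (assumed convention);
# LOCAL_LAN would be configured by the administrator.
if [ -n "$ip" ]; then
    lease_ip_acceptable "$ip" "${LOCAL_LAN:-}" || exit 1
fi
```

The check is deliberately done in the script and not in udhcpc itself, which matches the suggestion above that filtering belongs where the lease is applied; a script that skips it will still accept whatever the server sends.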