PATH problem in /lib/dhcp3-client/call-dhclient-script may lead to root compromise
Bug #334346 reported by
Fredrik "DXter" Jonsson
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dhcp3 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
A PATH problem in DHCP3 on Ubuntu may lead to a local root compromise if the user is in the dhcp group.
This bug is discovered by my dear friend David Jacoby, a Senior Security Research at the Swedish IT-security company TrueSec (www.truesec.com) as a proof of concept exploit.
Revision history for this message
| Fredrik "DXter" Jonsson (dxter) wrote | #1 |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #2 |
| Changed in dhcp3: | |
| status: | New → Won't Fix |
To post a comment you must log in.
Thanks for reporting this issue.
This issue is not present in Ubuntu 8.10 (Intrepid) and newer releases.
For older releases, as you said, a user needs to be added to the dhcp group. As such, I don't think this issue mandates a security update.
If you discover any other way of exploiting this without adding the user to the dhcp group, please feel free to re-open this bug.
Thank you.