PATH problem in /lib/dhcp3-client/call-dhclient-script may lead to root compromise
Bug #334346 reported by
Fredrik "DXter" Jonsson
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dhcp3 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
A PATH problem in DHCP3 on Ubuntu may lead to a local root compromise if the user is in the dhcp group.
This bug is discovered by my dear friend David Jacoby, a Senior Security Research at the Swedish IT-security company TrueSec (www.truesec.com) as a proof of concept exploit.
To post a comment you must log in.
Thanks for reporting this issue.
This issue is not present in Ubuntu 8.10 (Intrepid) and newer releases.
For older releases, as you said, a user needs to be added to the dhcp group. As such, I don't think this issue mandates a security update.
If you discover any other way of exploiting this without adding the user to the dhcp group, please feel free to re-open this bug.
Thank you.