Apr 7, 2011 11:49 GMT

The Internet Systems Consortium (ISC) has released an updated version of its DHCP implementation in order to resolve a vulnerability that could allow attackers to execute arbitrary code remotely.

ISC DHCP is the most widely used open source implementation of the Dynamic Host Configuration Protocol and is included by default in many Linux distributions.

The vulnerability patched in the newly released ISC DHCP 3.1-ESV-R1, 4.1-ESV-R2 and 4.2.1-P1 affects the DHCP client component, dhclient.

It is the result of failure to escape certain meta-characters encountered in DHCP responses. An attacker with control of the DHCP server could send malicious responses that would lead to remote code execution on the client.

"ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server (like hostname) before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client," the ISC explains in its advisory.

Identified as CVE-2011-0997, the vulnerability has a CVSS base score of 6.8 out of 10. ISC credits Sebastian Krahmer and Marius Tomaschewski from the SUSE Security Team with reporting it.

Workarounds are also available. On SUSE systems, set DHCLIENT_SET_HOSTNAME="no" in /etc/sysconfig/network/dhcp. On other systems, add the line new_host_name=${new_host_name//[^-.a-zA-Z0-9]/} to dhclient-script at the beginning of the set_hostname() function.
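The hostname workaround above, sketched as an added example that is not part of the ISC advisory or of any distribution's dhclient-script: it applies the same allowlist to a server-supplied value and reports when the value had to be altered or nothing usable remains. The function names are hypothetical, tr is used as a POSIX stand-in for the bash-only expansion, and the sample values are constructed.

```sh
#!/bin/sh
# Added example: allowlist filter for a DHCP-supplied host name.
# Same character set as the workaround's pattern [^-.a-zA-Z0-9];
# tr replaces the bash-only ${var//pattern/} expansion (assumption:
# the script may run under a plain POSIX sh).

# Print VALUE with every character outside the allowlist deleted.
sanitize_dhcp_name() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'a-zA-Z0-9.-'
}

# Classify VALUE: 0 = already clean, 1 = the filter changed it,
# 2 = nothing usable is left (a hostname should not be set).
check_dhcp_name() {
    _clean=$(sanitize_dhcp_name "$1")
    [ -n "$_clean" ] || return 2
    [ "$_clean" = "$1" ] || return 1
    return 0
}

# Hypothetical hook showing what the top of set_hostname() would do
# with $new_host_name before any other command uses it.
filter_new_host_name() {
    _rc=0
    check_dhcp_name "$new_host_name" || _rc=$?
    if [ "$_rc" -ne 0 ]; then
        # Record the event without echoing the raw server value.
        echo "dhclient-script: host-name option was filtered (rc=$_rc)" >&2
    fi
    new_host_name=$(sanitize_dhcp_name "$new_host_name")
    return 0
}

# Constructed sample values, not taken from a real DHCP exchange.
for new_host_name in 'ws-17.example.net' 'ws-17;echo marker' \
                     '$(echo marker)' ';|&'; do
    filter_new_host_name
    printf 'result: [%s]\n' "$new_host_name"
done
```

A filtered value is inert to the shell but not necessarily a meaningful hostname, which is why the check distinguishes "changed" and "empty" from "clean" instead of silently applying whatever is left.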

Users can download the patched DHCP source packages from ISC's download page or receive them through their operating system's own distribution mechanism, when they become available.

The Internet Systems Consortium is a non-profit corporation which maintains several open source software applications critical to the Internet infrastructure, like the BIND DNS server. The organization also operates one of the Internet's 13 root name servers.