Bug 725364 - (CVE-2011-2716) CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware / OS: All Linux
Priority / Severity: low / low
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20110318,reported=2...
Keywords: Security
Depends On: 731347 768083 772473 790335 800293 802089
Blocks: 722974 742493 784298
Reported: 2011-07-25 06:12 EDT by Tomas Hoger
Modified: 2015-08-19 05:11 EDT
Doc Type: Bug Fix
Last Closed: 2012-06-20 06:07:09 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Novell 708527 None None None Never
Debian BTS 635548 None None None Never
Description Tomas Hoger 2011-07-25 06:12:14 EDT
A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients.  This flaw may allow a DHCP server to trick DHCP clients into setting, e.g., the system hostname to a specially crafted value containing shell special characters.  Various scripts assume that the hostname is trusted, which may lead to code execution when the hostname is specially crafted.

This issue was tracked in bug #689832 for ISC dhclient (CVE-2011-0997), which also discussed a few other affected clients.  This bug is created to track busybox's udhcpc separately.

Upstream bug report:
https://bugs.busybox.net/show_bug.cgi?id=3979

The busybox version in Red Hat Enterprise Linux 4 is not compiled with support for udhcpc.  Versions shipped with Red Hat Enterprise Linux 5 and 6 include udhcpc and are affected.  However, udhcpc is not used in Red Hat Enterprise Linux.
Comment 1 Tomas Hoger 2011-07-27 07:32:31 EDT
(In reply to comment #0)

> Version shipped with Red Hat Enterprise Linux 5 and 6 include udhcpc and are
> affected.

To clarify the "affected" part...  udhcpc makes DHCP options supplied by the DHCP server available to the external script via environment variables.  The script can then configure DHCP options on the system in a platform-specific way.  Red Hat Enterprise Linux busybox packages do not provide any such script.  Example scripts that are part of the upstream busybox source tarball (examples/udhcp) do not set the DHCP hostname on the system.
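The description and Comment 1 explain the mechanism behind this bug: udhcpc hands server-supplied option values to an external script through environment variables, and a script that passes the hostname option into shell syntax without checking it is the code-execution path. The helper below is an added example written for this page, not code from the bug report, from busybox or from the upstream fix. It shows the check a defender would put in front of any use of the value in a udhcpc event script: accept only RFC 1123 hostname characters and fall back to a constructed default otherwise. The environment variable name `hostname` and the fallback value `localhost` are assumptions of the example, not facts stated on this page.

```shell
#!/bin/sh
# Added example (not from the bug report or busybox): validate a DHCP-supplied
# host name before a udhcpc event script does anything with it.
#
# Assumption: udhcpc exports the hostname option in the variable "hostname";
# this page does not state the variable name.

# Return 0 if $1 is a host name built only from letters, digits, hyphens and
# dots (RFC 1123 label syntax), 1 otherwise.  Every other character, including
# shell metacharacters such as ; $ ` | ( ) and whitespace, is rejected outright.
dhcp_hostname_is_safe() {
    h=$1
    # Reject empty values and anything over the 255-octet DNS name limit.
    [ -n "$h" ] && [ "${#h}" -le 255 ] || return 1
    # Reject any character outside the allowed set.
    case $h in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # Reject names with an empty label, or a label that starts/ends with '-'.
    case $h in
        -*|*-|.*|*.|*..*|*.-*|*-.*) return 1 ;;
    esac
    return 0
}

# Choose the host name the script will apply: the server's value only if it
# passed the check, otherwise a constructed fallback.  The value is printed,
# never evaluated, so hostile option contents never reach the shell parser.
choose_hostname() {
    if dhcp_hostname_is_safe "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "localhost"   # constructed fallback, an assumption
    fi
}

# Constructed sample inputs (not captured traffic).
safe_sample='host-12.example.net'
hostile_sample='bad;name'   # the shape of a value containing shell syntax

# When run directly, report what a udhcpc script would apply for the current
# environment (the variable is normally empty outside udhcpc).
choose_hostname "${hostname:-}"
```

In a real event script the chosen value would then be passed to the system as a single quoted argument (for example `hostname -- "$(choose_hostname "$hostname")"`), never interpolated into `eval` or a `sh -c` string; the validation is what makes that quoting sufficient, since a value that passes cannot contain anything the shell would interpret.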
Comment 2 Tomas Hoger 2011-07-27 07:33:33 EDT
Statement:

(none)
Comment 3 Tomas Hoger 2011-08-17 08:11:44 EDT
Created busybox tracking bugs for this issue

Affects: fedora-all [bug 731347]
Comment 4 Jan Lieskovsky 2011-12-13 08:08:59 EST
Upstream patch:
http://git.busybox.net/busybox/commit/?id=7280d2017d8075267a12e469983e38277dcf0374
Comment 9 errata-xmlrpc 2012-02-20 22:21:01 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0308 https://rhn.redhat.com/errata/RHSA-2012-0308.html
Comment 11 errata-xmlrpc 2012-06-20 03:16:11 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0810 https://rhn.redhat.com/errata/RHSA-2012-0810.html