A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow a DHCP server to trick DHCP clients into setting e.g. the system hostname to a specially crafted value containing shell special characters. Various scripts assume that the hostname is trusted, which may lead to code execution when the hostname is specially crafted.

This issue was tracked in bug #689832 for ISC dhclient (CVE-2011-0997), which also discussed a few other affected clients. This bug is created to track busybox's udhcpc separately.

Upstream bug report: https://bugs.busybox.net/show_bug.cgi?id=3979

The busybox version in Red Hat Enterprise Linux 4 is not compiled with support for udhcpc. Versions shipped with Red Hat Enterprise Linux 5 and 6 include udhcpc and are affected. However, udhcpc is not used in Red Hat Enterprise Linux.
(In reply to comment #0)
> Version shipped with Red Hat Enterprise Linux 5 and 6 include udhcpc and are
> affected.

To clarify the "affected" part... udhcpc makes DHCP options supplied by the DHCP server available to the external script via environment variables. The script can then configure DHCP options on the system in a platform specific way. Red Hat Enterprise Linux busybox packages do not provide any such script. Example scripts that are part of the upstream busybox source tarball (examples/udhcp) do not set DHCP hostname on the system.
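The comment above describes the exposure: udhcpc hands server-supplied option values to a script through the environment, and a script that splices such a value into a shell command line (unquoted, or via eval) turns shell metacharacters into commands. The following udhcpc event script is an added example, not the busybox examples/udhcp script and not the upstream fix; it assumes udhcpc exports DHCP option 12 as `$hostname` and invokes the script as `$0 <event>`, and it rejects any hostname that is not a syntactically valid RFC 1123 name before passing it, as a single quoted argument, to hostname(1).

```shell
#!/bin/sh
# Added example, not the busybox example script or the upstream fix: a udhcpc
# event script that validates the server-supplied host name before using it.
# Assumes udhcpc exports DHCP option 12 as $hostname and calls this script as
# "$0 <event>" (bound, renew, deconfig), as the examples/udhcp scripts do.

# Accept only RFC 1123 host names: 1-63 char labels of letters, digits and
# hyphens, not starting or ending with '-', joined by single dots, <= 253 chars.
# Anything else (space ; $ ` quotes ...) is rejected, not escaped.
valid_hostname() {
    h=$1
    [ -n "$h" ] && [ "${#h}" -le 253 ] || return 1
    case $h in
        *[!A-Za-z0-9.-]*) return 1 ;;   # byte outside the allowed alphabet
        .*|*.|*..*)       return 1 ;;   # empty label
        -*|*-|*.-*|*-.*)  return 1 ;;   # label starts or ends with '-'
    esac
    old_ifs=$IFS
    IFS=.
    for label in $h; do                 # labels are [A-Za-z0-9-] only: no globbing
        if [ "${#label}" -gt 63 ]; then
            IFS=$old_ifs
            return 1
        fi
    done
    IFS=$old_ifs
    return 0
}

# Hardened handler: validate, then pass the value as one quoted argument to
# hostname(1). Never:  eval "hostname $h"  (re-parsed by the shell, so ';'
# or '$(...)' in the DHCP value would run commands). Returns 1 if rejected.
handle_event() {
    event=$1
    h=$2
    case $event in
        bound|renew)
            [ -n "$h" ] || return 0
            if valid_hostname "$h"; then
                hostname "$h"
            else
                printf 'udhcpc: ignoring invalid DHCP-supplied hostname\n' >&2
                return 1
            fi
            ;;
    esac
}

# udhcpc runs the script with the event in $1 and the options in the environment.
handle_event "${1:-}" "${hostname:-}"
```

Busybox's own fix lives in udhcpc rather than the script, so a vetted script is a second line of defence, not a replacement for the patched client.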
Statement: (none)
Created busybox tracking bugs for this issue

Affects: fedora-all [bug 731347]
Upstream patch: [2] http://git.busybox.net/busybox/commit/?id=7280d2017d8075267a12e469983e38277dcf0374
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0308 https://rhn.redhat.com/errata/RHSA-2012-0308.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0810 https://rhn.redhat.com/errata/RHSA-2012-0810.html