ISC’s DHCP client can be used as a delivery vector for bash bug

As most of our visitors are already aware, this week saw the disclosure of a very serious security flaw in the “Bourne-again Shell”, bash. (see: CVE-2014-6271, and CVE-2014-7169)

The flaw allows remote execution of arbitrary commands by the shell if an attacker can cause data to be passed to the shell as the value of a shell environment variable.

Despite reports to the contrary saying that a 2011 change (CVE-2011-0997) to dhclient prevents exploitation of this flaw, ISC has confirmed that the DHCP client provided as a part of ISC DHCP can be used to exploit the bash vulnerability if the operator of a rogue DHCP server passes a specially constructed value as the payload of a DHCP option field.

For this and many other reasons, all users running a vulnerable version of bash are advised to update to a secured version as quickly as possible.

Postscript:  Readers will naturally want to know whether other ISC products can be used to exploit this condition. We know of no vulnerability in the ISC DHCP server or in BIND that can be used as a vector to exploit the bash flaw. We nevertheless strongly recommend that the best course of action is to upgrade to a secure version of bash due to the seriousness of this flaw.



Leave a reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Last modified: September 27, 2014 at 1:51 pm