Specially crafted DHCP servers can take control of a PC if the PC is running the DHCP client supplied by the Internet Systems Consortium (ISC) (dhclient). This is the default set-up in Ubuntu, BSD and many other Linux distributions. According to an ISC advisory, the vulnerability is based on a buffer overflow that allows attackers to inject arbitrary code into a system and execute it at root level. The buffer overflow can be triggered in the script_write_params method using excessively long server-supplied subnet masks.

Link to original article

There are no related posts to this one. Have some randomness:

• May 23, 2009 -- Free Software becomes European Election issue (0)
• May 11, 2009 -- The Thin Line Between Victim and Idiot (0)
• October 21, 2009 -- IBM, Canonical Put Windows 7 in Their Crosshairs (0)
• October 28, 2009 -- Finally! SecDef signs Clarifying Guidance Regarding Open Source Software (0)
• November 11, 2009 -- Why SAP is a sap (0)