Monday, February 13, 2012

CVE-2011-0996 and dhcpcd

Debian did not seem to have any discussion or patches on this one; however, a bit of searching showed me that openSUSE had fixed the issue. As reading a patch file would be a much better use of my time than trying to rediscover it by reading the source fully, I did a bit more searching and found this (check out the dhcpcd-3.2.3-option-checks.diff file).

As the name suggests, check_domain_name sanitizes the domain name: it makes sure the name contains nothing other than letters, numbers and dots, has no two consecutive dots, has no "_" or "-" at the start, and has a total length < 255. Inside check_dhcp_option, the rootpath is checked for symbols of any kind. If the message type is DHCP_DNSSEARCH, each of the hostnames retrieved needs a sanitation check, and hence there is check_domain_name_list.
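The domain-name checks described above, written out as an added example in C; this is not the code from the openSUSE patch. The names domain_name_ok and domain_list_ok are hypothetical, and the sketch assumes that "-" and "_" are accepted after the first character, that an empty name is rejected, and that search-list entries are separated by single spaces.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DOMAIN_LEN 255            /* total length must be < 255 */
static int ascii_alnum(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

/* Hypothetical helper: 1 if the first len bytes of name pass, else 0. */
int domain_name_ok(const char *name, size_t len)
{
    /* Empty names are rejected (assumption); no '-' or '_' at the start. */
    if (len == 0 || len >= MAX_DOMAIN_LEN || name[0] == '-' || name[0] == '_')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (i + 1 < len && name[i + 1] == '.')
                return 0;             /* two consecutive dots */
        } else if (!ascii_alnum(c) && c != '-' && c != '_') {
            return 0;                 /* space, quote, ';', '$', NUL, ... */
        }
    }
    return 1;
}

/* Hypothetical helper for a search list: every entry must pass on its own.
 * Entries are assumed to be separated by single spaces. */
int domain_list_ok(const char *list)
{
    if (*list == '\0')
        return 0;
    for (const char *p = list; *p; ) {
        size_t n = strcspn(p, " ");
        if (!domain_name_ok(p, n))
            return 0;
        p += n + (p[n] == ' ');       /* skip one separator, if any */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from a real DHCP reply. */
    const char *s[] = { "example.com corp.example", "example.com a..b", "ok.example bad;name" };
    for (size_t i = 0; i < 3; i++)
        printf("%-26s -> %s\n", s[i], domain_list_ok(s[i]) ? "accept" : "reject");
    return 0;
}
```

The list check fails closed: one bad entry rejects the whole option value rather than passing the remaining names on.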

