Article Source The H
July 15, 2009, 7:53 am
July 15, 2009, 7:53 am
Specially crafted DHCP servers can take control of a PC if the PC is running the DHCP client supplied by the Internet Systems Consortium (ISC) (dhclient). This is the default set-up in Ubuntu, BSD and many other Linux distributions. According to an ISC advisory, the vulnerability is based on a buffer overflow that allows attackers to inject arbitrary code into a system and execute it at root level. The buffer overflow can be triggered in the script_write_params method using excessively long server-supplied subnet masks…