CVE-2012-2248

Published: 27 November 2019

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

Priority

Low

CVSS 3 base score: 8.1

Status

Package Release Status
dhcp3
Launchpad, Ubuntu, Debian
Upstream Needs triage

isc-dhcp
Launchpad, Ubuntu, Debian
Upstream Needs triage

Notes

AuthorNote
mdeslaur
In Ubuntu, the build directory is set to
PATH=/build/buildd/isc-dhcp-4.2.4/debian/tmp/usr/sbin.
since it is a top-level directory, the attacker would need to
be root to exploit this. Also, USN-1571-1 sets an explicit
PATH in dhclient-script, so it's likely we're not vulnerable at
all.

References

Bugs