[Dnsmasq-discuss] Shellshock.

richardvoigt at gmail.com richardvoigt at gmail.com
Tue Sep 30 13:54:13 BST 2014


> Although, to be honest, although the DHCP vector is trivial to exploit
> [1], if the attacker can give you a bogus DHCP reply you've lost already.
>
> At this point, the attacker already has a full man-in-the-middle of all
> network traffic, and can easily launch invisible attacks on clients (e.g.
> cause a hidden iframe to appear to their metasploit server instance, insert
> cached scripts into the browser context, etc...).
>

You're looking at risks to the DHCP client.  This is the dnsmasq mailing
list, where we're concerned first about securing the DHCP *server* against
malicious clients.


>
>
> [1] the DHCP server on my test network has: option domain-name "() {
> ignored;}; /bin/touch pwnage ; (/bin/sleep 10; /bin/ping -c 10 10.128.0.2)
> & "; in its config
>

That's not valid syntax for a dnsmasq config.


