[Dnsmasq-discuss] Shellshock.
Simon Kelley
simon at thekelleys.org.uk
Fri Sep 26 21:14:20 BST 2014
This is just a heads-up that if you're using the --dhcp-script option in
dnsmasq, and the script you're calling is being interpreted by bash,
then you're affected by the shellshock bug.
The bug allows execution of arbitrary code contained in the values of
environment variables, and there are several variables in the
environment inherited by the DHCP script whose values can be set
directly by a DHCP client, so any DHCP client on your network (or
elsewhere, if your firewall allows) can execute arbitrary shellcode,
probably as root, with a simple DHCP request.
The fix, of course, is to update bash.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list