Flaw in ISC's dhclient could allow remote code execution

Status
Not open for further replies.

Jack

Administrator
Thread author
Jan 24, 2011
The Internet Systems Consortium (ISC), a non-profit company which develops BIND and dhcpd/dhclient, has announced a new remote code execution vulnerability present in its dhclient software.

If you only administer Windows and Macs you may not need to read on. Those of us with a proclivity for Linux, FreeBSD and other Unix or Unix-like platforms should take notice.

(Windows and OS X users - you can relax because neither operating system uses the ISC's dhclient software. Even though OS X is BSD-based, it uses an Apple utility called IPConfiguration.bundle as its DHCP client.)

The flaw (known as CVE-2011-0997) described in the advisory can be exploited by a rogue DHCP server, or a server that has been compromised to send out malicious responses.

More details - link