On Wed, 06 Apr 2011 14:01:58 EDT, Ryan Sears said: > https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Seems a tad buggy in the mitigation section:
new_host_name=${new_host_name//[^a-zA-Z0-9]/}
I suspect they wanted:
new_host_name=${new_host_name//[^-.a-zA-Z0-9]/}
Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your hostname
just became foobarbazexamplecom - whoops. Oh, and - just because that's valid
in a
hostname too...
pgpa7wKc0aa3E.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
