klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution

EDB-ID:

35785




Platform:

Linux

Date:

2011-05-18


source: https://www.securityfocus.com/bid/47924/info

klibc is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary shell commands in the context of the application that uses the vulnerable library.

Versions prior to klibc 1.5.22 are vulnerable.

DNSDOMAIN="\\\"\$(echo owned; touch /tmp/owned)"