Short Name |
DHCP:EXPLOIT:SOLARIS-EXEC |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
DHCP |
Keywords |
Sun Solaris DHCP Client Command Execution |
Release Date |
2005/09/19 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects the transmission of a maliciously crafted DHCP server response. By supplying a shell command in the "Domain Name" option (Option 15), a malicious server could cause arbitrary commands to be executed on the client.
The DHCP client script '/lib/svc/method/net-svc' in Sun Solaris 10 contains an unspecified flaw that allows remote attackers to execute arbitrary code with superuser privileges. The exact cause of this vulnerability is unknown at this time. Attackers with the ability to respond to DHCP requests from vulnerable computers could exploit this vulnerability to execute arbitrary machine code with superuser privileges. The DHCP protocol utilizes UDP packets, allowing attackers to spoof addresses. This allows them to impersonate legitimate DHCP servers and to hide the true origin of attacks.