Christoph Anton Mitterer
2012-May-09 09:51 UTC
[Secure-testing-team] Bug#672232: isc-dhcp-client: client requests (and applies) properties, though removed from the request in the config
Package: isc-dhcp-client
Version: 4.2.2.dfsg.1-5
Severity: important
Tags: security

Hi.

It seems that the client requests (and applies) settings, even though they were removed from /etc/dhcp/dhclient.conf.

e.g. below, I removed domain-search, nevertheless, the value from the dhcp server is written to resolv.conf.

Given that this affects DNS a rogue DHCP server could easily use this for attacks.

Cheers,
Chris.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.15-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages isc-dhcp-client depends on:
ii  debianutils      4.3
ii  iproute          20120319-1
ii  isc-dhcp-common  4.2.2.dfsg.1-5
ii  libc6            2.13-32

isc-dhcp-client recommends no packages.

Versions of packages isc-dhcp-client suggests:
ii  avahi-autoipd  <none>
ii  resolvconf     1.65

-- Configuration Files:
/etc/dhcp/dhclient.conf changed:
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, netbios-name-servers, netbios-scope,
        interface-mtu, rfc3442-classless-static-routes, ntp-servers;

-- no debconf information