Matt Mossholder on 26 Sep 2014 08:53:23 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security

On Fri, Sep 26, 2014 at 11:44 AM, Rich Freeman <> wrote:
DHCP clients don't choose servers.  They send a broadcast and accept
whatever replies they get.  Of course, only a host on the local subnet
can respond to a broadcast.

So, if somebody can get onto the same subnet as your webserver, and
its DHCP client is vulnerable (implementation-specific), then it could
potentially be compromised.

Again, it is more of a risk for things like laptops that frequent
foreign networks.  I suspect systemd-networkd is immune since it tends
to avoid using bash for anything, but I am not certain on that.  They
were just bragging about how their DHCP process executes in
milliseconds, and I can't imagine that they're using dhclient/etc to
accomplish that.


DHCP Clients do choose servers, but only from the set of servers that have responded to a DHCP Discover request.

The steps are:
1) Client sends out a discover request. (DISCOVER)
2) All DHCP servers that receive the request will respond back (OFFER)
3) The client will choose a server to respond to, and ask for a lease. (REQUEST)
4) The selected server replys back with a lease. (ACK)

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --