Shellshock DHCP client exploitation
Over this week the infosec community are busy in testing the bash shellshock vulnerability. Geoff Walton a senior security consultant for TrustedSec have posted the way to exploit the bash bug in the DHCP protocol. the DHCP is widely used in most network to assign IP addresses and provide network configuration to servers and operating system.
DHCP bash shellshock POC shows that it will be possible to execute command on remote hosts regardless of the operating system client. in the demo Geoff used DHCP server to change the configuration of the DHCP client and he applied to the client dhcp-parameter-request-list.
Bash shellshock is an old vulnerability that was discovered only this week and it is possible use it for exploiting any system that runs bash shell script this include linux/unix , Mac or even windows with cygwin that have the bash shell integrated. It is important to update your bash version to fix this critical security vulnerability.