The versions of the ISC DHCP client in Debian 2.1 (slink)
and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team
reports that the client inappropriately executes commands embedded in replies
sent from a DHCP server. This means that a malicious DHCP server can execute
commands on the client with root privileges.

Note: this report has been superseded. Please consult the
Jul 28, 2000 report for further details.