Malware authors have grown very attached to the idea of subverting legitimate business models for illegal purposes. Our Russian colleagues Aleksandr Matrosov and Eugene Rodionov described how the DogmaMillions cybercrime group distributed a rootkit using a pay-per-install scheme.

The DogmaMillions group seems to have been somewhat uncomfortable with the copious attention it received last year, and shut down in the fall. Major affiliates of DogmaMillions could earn a cool $100,000 daily, so it is no surprise that TDL4, the fourth generation of TDSS, quickly found similar distribution channels. See more in ESET Researcher David Harley’s article.

Phishphloods: Not all Phishing is Spear-Phishing
One of the odd side-effects of the Epsilon fiasco is the widespread assumption that there will be more spear-phishing. Any phishing that results directly from this attack is going to be a little more targeted, in that people will receive phishing mail that seems to come from organizations with which they actually have some sort of relationship. More in David Harley’s blog.

M&S warns customers of Epsilon email data breach
Marks & Spencer customers have been warned that their names and email addresses may have been exposed in the Epsilon data breach. M&S started sending out letters on Tuesday to warn customers that they may receive spam. See full story on ZDNet.

Beware of rogue meta-characters
By Dan Goodin in San Francisco. Posted in Enterprise Security, 7th April 2011 00:21 GMT

The makers of the internet’s most popular open source DHCP program have warned that it’s vulnerable to hacks that allow attackers to remotely execute malicious code on underlying machines.

The flaw, which is present in Internet Systems Consortium’s DHCP versions prior to 3.1-ESV-R1, 4.1-ESV-R2, and 4.2.1-P1, stems from the program’s failure to block commands that contain certain meta-characters. The vulnerability makes it possible for rogue servers on a targeted network to remotely execute malicious code on the client, the non-profit ISC warned on Tuesday.

ISC advises users to upgrade. Users can in some cases follow workarounds, which include disabling hostname updates or configuring their systems to access only legitimate DHCP servers in settings where access control lists are in place.

Short for Dynamic Host Configuration Protocol, DHCP is a system for automatically assigning computers IP addresses on a given network and helping administrators to keep track of those assignments. ISC says its DHCP program is the most widely used open source DHCP implementation on the Internet.

Sophos has more about the vulnerability here.
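
Server-supplied values that reach a shell with meta-characters intact are better handled with an allowlist than with a list of characters to block. The following is an added example, not ISC's code or patch: a POSIX shell check that a client-side hook could apply to a DHCP-supplied host name. The function names and the `$new_host_name` input variable are assumptions.

```shell
#!/bin/sh
# Added example: allowlist check for a server-supplied DHCP host name.
# All sample values are constructed for illustration.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges byte-exact

# Return 0 only for an RFC 1123 style host name: labels of letters, digits
# and hyphens, 1-63 characters each, no leading or trailing hyphen,
# 253 characters at most in total.
is_valid_hostname() {
    _name=$1
    [ -n "$_name" ] || return 1
    [ "${#_name}" -le 253 ] || return 1
    case $_name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # any character outside the allowlist
        .*|*.|*..*)       return 1 ;;   # empty label
    esac
    _rest=$_name
    while [ -n "$_rest" ]; do
        _label=${_rest%%.*}             # text before the first dot
        [ "${#_label}" -le 63 ] || return 1
        case $_label in -*|*-) return 1 ;; esac
        case $_rest in
            *.*) _rest=${_rest#*.} ;;   # drop the label just checked
            *)   _rest= ;;
        esac
    done
    return 0
}

# Print the name when it is acceptable; otherwise print nothing and return 1
# so the caller leaves the current host name unchanged.
accept_dhcp_hostname() {
    if is_valid_hostname "$1"; then
        printf '%s\n' "$1"
        return 0
    fi
    printf 'rejected DHCP host name of length %s\n' "${#1}" >&2
    return 1
}

# Demonstration over constructed values. In a dhclient hook the input would be
# the host name variable exported by the client (assumed: $new_host_name).
for _sample in 'printer-01.example.net' 'web_01' 'host;name' '-lead' 'x..y'; do
    if accept_dhcp_hostname "$_sample" >/dev/null 2>&1; then
        printf 'accept  %s\n' "$_sample"
    else
        printf 'reject  %s\n' "$_sample"
    fi
done
```

A check like this is defence in depth for scripts that consume DHCP values; it does not replace the upgrade ISC advises.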