ISC Advises Linux, Unix Users to Upgrade DHCP Client to Patch Vulnerability
A bug in dhclient, the widely deployed ISC DHCP client, can let a rogue DHCP server run arbitrary commands on the client machine, the Internet Systems Consortium (ISC) said in a recent advisory.
According to ISC, which maintains dhclient, an attacker can use a rogue DHCP server to send replies whose host-name option carries shell commands rather than a name. Because dhclient does not strip or escape shell metacharacters from option values in server responses before passing them to its hook script (dhclient-script), the embedded commands can end up being executed on the client with dhclient's privileges, which are normally root.
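To make the failure mode concrete, here is an added illustration that is not ISC's code and is not taken from the advisory: a stand-in for a dhclient-script hook that splices a server-supplied host name into a shell command, beside a hardened version that allow-lists characters and passes the value as an argument instead. The hook names, the sanitizer and the sample option value are constructed for this example, and `echo` stands in for the privileged `hostname` command so the script runs unprivileged.

```sh
#!/bin/sh
# Added illustration, not ISC code: how a DHCP option value that reaches a
# shell unescaped turns into command execution, and one way to close it.
# Hook names, the sanitizer and the sample option value are constructed for
# this example; "echo" stands in for the privileged hostname command.

# Constructed option value as a rogue server could send it in the host-name
# option: a plausible name, then a ';' that ends the command and starts another.
ROGUE_HOST_NAME='client;echo INJECTED'

# Vulnerable hook: the value is pasted into command text that a shell
# re-parses, so the metacharacters inside it are honoured.
run_hook_vulnerable() {
    value=$1
    sh -c "echo $value"
}

# Returns success (0) when the value contains anything outside the
# characters a host name legitimately needs; that covers every shell
# metacharacter (';', '|', '&', '$', backquotes, quotes, redirections, spaces).
has_shell_metachars() {
    case $1 in
        *[!A-Za-z0-9.-]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Strip everything outside the allow-list so the value cannot change how a
# shell parses it. This is the same idea as the upstream fix: sanitize
# server-supplied option values before a script ever sees them.
sanitize_option() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9.-'
}

# Hardened hook: sanitize first, and hand the result over as an argument ("$1")
# instead of splicing it into the command string, so even a character that
# slipped past the allow-list would be data, not syntax.
run_hook_hardened() {
    value=$(sanitize_option "$1")
    sh -c 'echo "$1"' hook "$value"
}

# Demonstration on the constructed value.
echo "vulnerable hook output:"
run_hook_vulnerable "$ROGUE_HOST_NAME"     # prints "client" then "INJECTED"
echo "hardened hook output:"
run_hook_hardened "$ROGUE_HOST_NAME"       # prints "clientechoINJECTED"
if has_shell_metachars "$ROGUE_HOST_NAME"; then
    echo "option value contains shell metacharacters; treat the server as hostile"
fi
```

The vulnerable hook prints a second line, INJECTED, because the `;` in the option value was interpreted by the shell; the hardened hook prints a single mangled-but-harmless name. The `has_shell_metachars` check is also a cheap thing to log from a hook script: a legitimate DHCP server has no reason to put anything but letters, digits, dots and hyphens in a host name.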
ISC says it knows of no active exploits in the wild, but administrators should upgrade pre-emptively to 3.1-ESV-R1, 4.1-ESV-R2 or 4.2.1-P1. No patch is available for 4.0.x, which is already end-of-life; anyone running 4.1.x should upgrade to 4.1-ESV-R2. Note that Linux and BSD distributions often backport fixes without changing the upstream version string, so check your distribution's own advisory rather than relying on the version number dhclient reports.
dhclient ships with most Linux distributions, FreeBSD and other Unix and Unix-like systems. Microsoft Windows and Mac OS X use their own DHCP clients and are not affected.
You can read the full text of the ISC advisory here.