gcp-dhcp-takeover-code-exec icon indicating copy to clipboard operation
gcp-dhcp-takeover-code-exec copied to clipboard

Published 20 hours ago verified publisher icon irsl

How about responsible disclosure too ALL parties involved?

Open marka63 opened this issue 3 years ago • 2 comments

marka63 avatar Jun 30 '21 06:06 marka63

I was considering to contact ISC, and even though their implementation could rely on additional entropy sources, I still think this is not a vulnerability in dhclient, but rather in the special setup of GCP.

irsl avatar Jun 30 '21 08:06 irsl

There's dhcp#197 submitted for this on ISC systems. It's unfortunate we weren't notified about this earlier.

tomaszmrugalski avatar Jun 30 '21 18:06 tomaszmrugalski