pfSense DHCP Script Injection Vulnerability

  • Published: 28 Jul 2008

Type

  • pfSense – DHCP Script Injection Vulnerability

Severity

  • High

Affected products

  • pfSense Open Source Firewall

Date

  • 2008-07-28

CVE Reference

  • N/A

pfSense is a free, open source, customized distribution of FreeBSD tailored for use as a firewall and router. Research conducted to produce the paper "Behind Enemy Lines" found that the administrative web interface of the pfSense firewall 1.0.1 is vulnerable to a DHCP script injection attack. An attack could be crafted to execute commands on the target system with root privileges through the exec.php script provided by the administrative web interface. To resolve this vulnerability, it is recommended that the software be upgraded to the latest available version.