dhcp is vulnerable to arbitrary code execution. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option’s value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process.
kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html
marc.info/?l=bugtraq&m=133226187115472&w=2
secunia.com/advisories/44037
secunia.com/advisories/44048
secunia.com/advisories/44089
secunia.com/advisories/44090
secunia.com/advisories/44103
secunia.com/advisories/44127
secunia.com/advisories/44180
security.gentoo.org/glsa/glsa-201301-06.xml
securitytracker.com/id?1025300
slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345
www.debian.org/security/2011/dsa-2216
www.debian.org/security/2011/dsa-2217
www.kb.cert.org/vuls/id/107886
www.mandriva.com/security/advisories?name=MDVSA-2011:073
www.osvdb.org/71493
www.redhat.com/support/errata/RHSA-2011-0428.html
www.redhat.com/support/errata/RHSA-2011-0840.html
www.securityfocus.com/bid/47176
www.ubuntu.com/usn/USN-1108-1
www.vupen.com/english/advisories/2011/0879
www.vupen.com/english/advisories/2011/0886
www.vupen.com/english/advisories/2011/0909
www.vupen.com/english/advisories/2011/0915
www.vupen.com/english/advisories/2011/0926
www.vupen.com/english/advisories/2011/0965
www.vupen.com/english/advisories/2011/1000
access.redhat.com/errata/RHSA-2011:0428
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=689832
exchange.xforce.ibmcloud.com/vulnerabilities/66580
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812
www.exploit-db.com/exploits/37623/
www.isc.org/software/dhcp/advisories/cve-2011-0997