Problem Description:
The rtsol(8) and rtsold(8) programs do not validate the domain
search list options provided in router advertisement messages; the
option body is passed to resolvconf(8) unmodified.
resolvconf(8) is a shell script which does not validate its input.
A lack of quoting meant that shell commands pass as input to
resolvconf(8) may be executed.
Impact:
Systems running rtsol(8) or rtsold(8) are vulnerable to remote
code execution from systems on the same network segment. In
particular, router advertisement messages are not routable and
should be dropped by routers, so the attack does not cross network
boundaries.