Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2011-0997
Last Modified: 21 Aug 2013 11:40:51
Published: 08 Apr 2011 11:17:27
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-0997

Summary

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Vulnerable Systems

Application

  • ISC DHCP 3.0

  • ISC DHCP 3.0.1

  • ISC DHCP 3.0.2

  • ISC DHCP 3.0.3

  • ISC DHCP 3.0.4

  • ISC DHCP 3.0.5

  • ISC DHCP 3.0.6

  • ISC DHCP 3.1-ESV

  • ISC DHCP 3.1.0

  • ISC DHCP 3.1.1

  • ISC DHCP 3.1.2

  • ISC DHCP 3.1.3

  • ISC DHCP 4.1-ESV

  • ISC DHCP 4.2.0

  • ISC DHCP 4.2.1


References

CERT-VN - VU#107886

CONFIRM - https://www.isc.org/software/dhcp/advisories/cve-2011-0997

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=689832

XF - iscdhcp-dhclient-command-execution(66580)

VUPEN - ADV-2011-1000

VUPEN - ADV-2011-0965

VUPEN - ADV-2011-0926

VUPEN - ADV-2011-0915

VUPEN - ADV-2011-0909

VUPEN - ADV-2011-0886

VUPEN - ADV-2011-0879

UBUNTU - USN-1108-1

BID - 47176

REDHAT - RHSA-2011:0840

REDHAT - RHSA-2011:0428

OSVDB - 71493

MANDRIVA - MDVSA-2011:073

DEBIAN - DSA-2217

DEBIAN - DSA-2216

SLACKWARE - SSA:2011-097-01

SECTRACK - 1025300

SECUNIA - 44180

SECUNIA - 44127

SECUNIA - 44103

SECUNIA - 44090

SECUNIA - 44089

SECUNIA - 44048

SECUNIA - 44037

FEDORA - FEDORA-2011-4934

FEDORA - FEDORA-2011-4897

HP - SSRT100802

HP - HPSBMU02752

GENTOO - GLSA-201301-06

Related Patches

Novell SUSE 2011:7456 dhcp security update for SLE 10 SP3 i586

Novell SUSE 2011:7456 dhcp security update for SLE 10 SP3 x86_64


Last Updated: 27 May 2016 10:51:39