7.5
CVE-2011-0997
- EPSS 84.29%
- Veröffentlicht 08.04.2011 15:17:27
- Zuletzt bearbeitet 16.06.2026 23:28:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version10.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 84.29% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://marc.info/?l=bugtraq&m=133226187115472&w=2
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html
http://secunia.com/advisories/44037
http://secunia.com/advisories/44048
http://secunia.com/advisories/44089
http://secunia.com/advisories/44090
http://secunia.com/advisories/44103
http://secunia.com/advisories/44127
http://secunia.com/advisories/44180
http://security.gentoo.org/glsa/glsa-201301-06.xml
http://securitytracker.com/id?1025300
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345
http://www.debian.org/security/2011/dsa-2216
http://www.debian.org/security/2011/dsa-2217
http://www.kb.cert.org/vuls/id/107886
http://www.mandriva.com/security/advisories?name=MDVSA-2011:073
http://www.osvdb.org/71493
http://www.redhat.com/support/errata/RHSA-2011-0428.html
http://www.redhat.com/support/errata/RHSA-2011-0840.html
http://www.securityfocus.com/bid/47176
http://www.ubuntu.com/usn/USN-1108-1
http://www.vupen.com/english/advisories/2011/0879
http://www.vupen.com/english/advisories/2011/0886
http://www.vupen.com/english/advisories/2011/0909
http://www.vupen.com/english/advisories/2011/0915
http://www.vupen.com/english/advisories/2011/0926
http://www.vupen.com/english/advisories/2011/0965
http://www.vupen.com/english/advisories/2011/1000
https://bugzilla.redhat.com/show_bug.cgi?id=689832
https://exchange.xforce.ibmcloud.com/vulnerabilities/66580
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812
https://www.exploit-db.com/exploits/37623/
https://www.isc.org/software/dhcp/advisories/cve-2011-0997