7.5

CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscDhcp Version3.0
IscDhcp Version3.0.1 Update-
IscDhcp Version3.0.1 Updaterc1
IscDhcp Version3.0.1 Updaterc10
IscDhcp Version3.0.1 Updaterc11
IscDhcp Version3.0.1 Updaterc12
IscDhcp Version3.0.1 Updaterc13
IscDhcp Version3.0.1 Updaterc14
IscDhcp Version3.0.1 Updaterc2
IscDhcp Version3.0.1 Updaterc5
IscDhcp Version3.0.1 Updaterc6
IscDhcp Version3.0.1 Updaterc7
IscDhcp Version3.0.1 Updaterc8
IscDhcp Version3.0.1 Updaterc9
IscDhcp Version3.0.2 Update-
IscDhcp Version3.0.2 Updateb1
IscDhcp Version3.0.2 Updaterc1
IscDhcp Version3.0.2 Updaterc2
IscDhcp Version3.0.2 Updaterc3
IscDhcp Version3.0.3 Update-
IscDhcp Version3.0.3 Updateb1
IscDhcp Version3.0.3 Updateb2
IscDhcp Version3.0.3 Updateb3
IscDhcp Version3.0.4 Update-
IscDhcp Version3.0.4 Updateb1
IscDhcp Version3.0.4 Updateb2
IscDhcp Version3.0.4 Updateb3
IscDhcp Version3.0.4 Updaterc1
IscDhcp Version3.0.5 Update-
IscDhcp Version3.0.5 Updaterc1
IscDhcp Version3.0.6 Updaterc1
IscDhcp Version3.1-esv
IscDhcp Version3.1.0 Update-
IscDhcp Version3.1.0 Updatea1
IscDhcp Version3.1.0 Updatea2
IscDhcp Version3.1.0 Updatea3
IscDhcp Version3.1.0 Updateb1
IscDhcp Version3.1.0 Updateb2
IscDhcp Version3.1.0 Updaterc1
IscDhcp Version3.1.1 Updaterc1
IscDhcp Version3.1.1 Updaterc2
IscDhcp Version3.1.2 Update-
IscDhcp Version3.1.2 Updateb1
IscDhcp Version3.1.2 Updaterc1
IscDhcp Version3.1.3 Update-
IscDhcp Version3.1.3 Updateb1
IscDhcp Version3.1.3 Updaterc1
IscDhcp Version4.1-esv Update-
IscDhcp Version4.1-esv Updaterc1
IscDhcp Version4.2.0 Update-
IscDhcp Version4.2.0 Updatea1
IscDhcp Version4.2.0 Updatea2
IscDhcp Version4.2.0 Updateb1
IscDhcp Version4.2.0 Updateb2
IscDhcp Version4.2.0 Updatep1
IscDhcp Version4.2.0 Updaterc1
IscDhcp Version4.2.1 Update-
IscDhcp Version4.2.1 Updateb1
IscDhcp Version4.2.1 Updaterc1
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version10.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 84.29% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://marc.info/?l=bugtraq&m=133226187115472&w=2
Third Party Advisory
Mailing List
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/44037
Third Party Advisory
http://secunia.com/advisories/44048
Third Party Advisory
http://secunia.com/advisories/44089
Third Party Advisory
http://secunia.com/advisories/44090
Third Party Advisory
http://secunia.com/advisories/44103
Third Party Advisory
http://secunia.com/advisories/44127
Third Party Advisory
http://secunia.com/advisories/44180
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201301-06.xml
Third Party Advisory
http://securitytracker.com/id?1025300
Third Party Advisory
VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345
Third Party Advisory
http://www.debian.org/security/2011/dsa-2216
Third Party Advisory
http://www.debian.org/security/2011/dsa-2217
Third Party Advisory
http://www.kb.cert.org/vuls/id/107886
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:073
Third Party Advisory
http://www.osvdb.org/71493
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0428.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0840.html
Third Party Advisory
http://www.securityfocus.com/bid/47176
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1108-1
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0879
Permissions Required
http://www.vupen.com/english/advisories/2011/0886
Permissions Required
http://www.vupen.com/english/advisories/2011/0909
Permissions Required
http://www.vupen.com/english/advisories/2011/0915
Permissions Required
http://www.vupen.com/english/advisories/2011/0926
Permissions Required
http://www.vupen.com/english/advisories/2011/0965
Permissions Required
http://www.vupen.com/english/advisories/2011/1000
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=689832
Patch
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/66580
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812
Third Party Advisory
https://www.exploit-db.com/exploits/37623/
Third Party Advisory
VDB Entry
https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Patch
Vendor Advisory