7.5

CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Data is provided by the National Vulnerability Database (NVD)
IscDhcp Version3.0
IscDhcp Version3.0.1 Update-
IscDhcp Version3.0.1 Updaterc1
IscDhcp Version3.0.1 Updaterc10
IscDhcp Version3.0.1 Updaterc11
IscDhcp Version3.0.1 Updaterc12
IscDhcp Version3.0.1 Updaterc13
IscDhcp Version3.0.1 Updaterc14
IscDhcp Version3.0.1 Updaterc2
IscDhcp Version3.0.1 Updaterc5
IscDhcp Version3.0.1 Updaterc6
IscDhcp Version3.0.1 Updaterc7
IscDhcp Version3.0.1 Updaterc8
IscDhcp Version3.0.1 Updaterc9
IscDhcp Version3.0.2 Update-
IscDhcp Version3.0.2 Updateb1
IscDhcp Version3.0.2 Updaterc1
IscDhcp Version3.0.2 Updaterc2
IscDhcp Version3.0.2 Updaterc3
IscDhcp Version3.0.3 Update-
IscDhcp Version3.0.3 Updateb1
IscDhcp Version3.0.3 Updateb2
IscDhcp Version3.0.3 Updateb3
IscDhcp Version3.0.4 Update-
IscDhcp Version3.0.4 Updateb1
IscDhcp Version3.0.4 Updateb2
IscDhcp Version3.0.4 Updateb3
IscDhcp Version3.0.4 Updaterc1
IscDhcp Version3.0.5 Update-
IscDhcp Version3.0.5 Updaterc1
IscDhcp Version3.0.6 Updaterc1
IscDhcp Version3.1-esv
IscDhcp Version3.1.0 Update-
IscDhcp Version3.1.0 Updatea1
IscDhcp Version3.1.0 Updatea2
IscDhcp Version3.1.0 Updatea3
IscDhcp Version3.1.0 Updateb1
IscDhcp Version3.1.0 Updateb2
IscDhcp Version3.1.0 Updaterc1
IscDhcp Version3.1.1 Updaterc1
IscDhcp Version3.1.1 Updaterc2
IscDhcp Version3.1.2 Update-
IscDhcp Version3.1.2 Updateb1
IscDhcp Version3.1.2 Updaterc1
IscDhcp Version3.1.3 Update-
IscDhcp Version3.1.3 Updateb1
IscDhcp Version3.1.3 Updaterc1
IscDhcp Version4.1-esv Update-
IscDhcp Version4.1-esv Updaterc1
IscDhcp Version4.2.0 Update-
IscDhcp Version4.2.0 Updatea1
IscDhcp Version4.2.0 Updatea2
IscDhcp Version4.2.0 Updateb1
IscDhcp Version4.2.0 Updateb2
IscDhcp Version4.2.0 Updatep1
IscDhcp Version4.2.0 Updaterc1
IscDhcp Version4.2.1 Update-
IscDhcp Version4.2.1 Updateb1
IscDhcp Version4.2.1 Updaterc1
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version10.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 71.99% 0.986
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://marc.info/?l=bugtraq&m=133226187115472&w=2
Third Party Advisory
Mailing List
http://securitytracker.com/id?1025300
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/107886
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/47176
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=689832
Patch
Third Party Advisory
Issue Tracking
https://www.exploit-db.com/exploits/37623/
Third Party Advisory
VDB Entry