Back to search
CVE-2011-0997
Published: Apr 8, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
47176
vdb-entry
x_refsource_BID
ADV-2011-0886
vdb-entry
x_refsource_VUPEN
44103
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0840
vendor-advisory
x_refsource_REDHAT
44037
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=689832
x_refsource_CONFIRM
ADV-2011-0926
vdb-entry
x_refsource_VUPEN
HPSBMU02752
vendor-advisory
x_refsource_HP
44127
third-party-advisory
x_refsource_SECUNIA
MDVSA-2011:073
vendor-advisory
x_refsource_MANDRIVA
SSRT100802
vendor-advisory
x_refsource_HP
ADV-2011-0909
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:12812
vdb-entry
signature
x_refsource_OVAL
71493
vdb-entry
x_refsource_OSVDB
44090
third-party-advisory
x_refsource_SECUNIA
44048
third-party-advisory
x_refsource_SECUNIA
FEDORA-2011-4934
vendor-advisory
x_refsource_FEDORA
https://www.isc.org/software/dhcp/advisories/cve-2011-0997
x_refsource_CONFIRM
iscdhcp-dhclient-command-execution(66580)
vdb-entry
x_refsource_XF
ADV-2011-0879
vdb-entry
x_refsource_VUPEN
VU#107886
third-party-advisory
x_refsource_CERT-VN
1025300
vdb-entry
x_refsource_SECTRACK
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
x_refsource_CONFIRM
SSA:2011-097-01
vendor-advisory
x_refsource_SLACKWARE
ADV-2011-1000
vdb-entry
x_refsource_VUPEN
ADV-2011-0915
vdb-entry
x_refsource_VUPEN
ADV-2011-0965
vdb-entry
x_refsource_VUPEN
37623
exploit
x_refsource_EXPLOIT-DB
GLSA-201301-06
vendor-advisory
x_refsource_GENTOO
44180
third-party-advisory
x_refsource_SECUNIA
DSA-2217
vendor-advisory
x_refsource_DEBIAN
USN-1108-1
vendor-advisory
x_refsource_UBUNTU
DSA-2216
vendor-advisory
x_refsource_DEBIAN
FEDORA-2011-4897
vendor-advisory
x_refsource_FEDORA
RHSA-2011:0428
vendor-advisory
x_refsource_REDHAT
44089
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now