fkie_cve-2011-0997
Vulnerability from fkie_nvd
Published
2011-04-08 15:17
Modified
2025-04-11 00:51
Severity ?
Summary
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
References
cve@mitre.orghttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761Third Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=133226187115472&w=2Mailing List, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=133226187115472&w=2Mailing List, Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/44037Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/44048Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/44089Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/44090Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/44103Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/44127Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/44180Third Party Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
cve@mitre.orghttp://securitytracker.com/id?1025300Third Party Advisory, VDB Entry
cve@mitre.orghttp://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2011/dsa-2216Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2011/dsa-2217Third Party Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/107886Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:073Third Party Advisory
cve@mitre.orghttp://www.osvdb.org/71493Broken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0428.htmlThird Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0840.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/47176Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1108-1Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0879Permissions Required
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0886Permissions Required
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0909Permissions Required
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0915Permissions Required
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0926Permissions Required
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0965Permissions Required
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/1000Permissions Required
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=689832Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/66580Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812Third Party Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/37623/Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.isc.org/software/dhcp/advisories/cve-2011-0997Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133226187115472&w=2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133226187115472&w=2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44037Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44048Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44089Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44090Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44103Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44127Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44180Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201301-06.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1025300Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2216Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2217Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/107886Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:073Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/71493Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0428.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0840.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47176Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1108-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0879Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0886Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0909Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0915Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0926Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0965Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/1000Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=689832Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/66580Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/37623/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.isc.org/software/dhcp/advisories/cve-2011-0997Patch, Vendor Advisory
Impacted products
Vendor Product Version
isc dhcp 3.0
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.1
isc dhcp 3.0.2
isc dhcp 3.0.2
isc dhcp 3.0.2
isc dhcp 3.0.2
isc dhcp 3.0.2
isc dhcp 3.0.3
isc dhcp 3.0.3
isc dhcp 3.0.3
isc dhcp 3.0.3
isc dhcp 3.0.4
isc dhcp 3.0.4
isc dhcp 3.0.4
isc dhcp 3.0.4
isc dhcp 3.0.4
isc dhcp 3.0.5
isc dhcp 3.0.5
isc dhcp 3.0.6
isc dhcp 3.1-esv
isc dhcp 3.1.0
isc dhcp 3.1.0
isc dhcp 3.1.0
isc dhcp 3.1.0
isc dhcp 3.1.0
isc dhcp 3.1.0
isc dhcp 3.1.0
isc dhcp 3.1.1
isc dhcp 3.1.1
isc dhcp 3.1.2
isc dhcp 3.1.2
isc dhcp 3.1.2
isc dhcp 3.1.3
isc dhcp 3.1.3
isc dhcp 3.1.3
isc dhcp 4.1-esv
isc dhcp 4.1-esv
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.0
isc dhcp 4.2.1
isc dhcp 4.2.1
isc dhcp 4.2.1
debian debian_linux 5.0
debian debian_linux 6.0
debian debian_linux 7.0
canonical ubuntu_linux 6.06
canonical ubuntu_linux 8.04
canonical ubuntu_linux 9.10
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
              "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
              "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
              "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
              "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "87CBA8DD-650D-4A67-924C-B108CEE74BB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
              "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
              "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
              "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
              "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
              "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
              "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
              "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
              "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
    },
    {
      "lang": "es",
      "value": "dhclient en ISC DHCP 3.0.x hasta la versi\u00f3n 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de anfitri\u00f3n obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitri\u00f3n dado por dhclient-script."
    }
  ],
  "id": "CVE-2011-0997",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-08T15:17:27.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44037"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44048"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44089"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44090"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44127"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44180"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1025300"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/107886"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/71493"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/47176"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1108-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0879"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0886"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0909"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0926"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0965"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1000"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37623/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1025300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/107886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/71493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/47176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1108-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37623/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.