Lucene search

[email protected]NVD:CVE-2011-0997

HistoryApr 08, 2011 - 3:17 p.m.

CVE-2011-0997

2011-04-0815:17:27

CWE-20

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Affected configurations

NVD

Node

iscdhcpMatch3.0

iscdhcpMatch3.0.1-

iscdhcpMatch3.0.1rc1

iscdhcpMatch3.0.1rc10

iscdhcpMatch3.0.1rc11

iscdhcpMatch3.0.1rc12

iscdhcpMatch3.0.1rc13

iscdhcpMatch3.0.1rc14

iscdhcpMatch3.0.1rc2

iscdhcpMatch3.0.1rc5

iscdhcpMatch3.0.1rc6

iscdhcpMatch3.0.1rc7

iscdhcpMatch3.0.1rc8

iscdhcpMatch3.0.1rc9

iscdhcpMatch3.0.2-

iscdhcpMatch3.0.2b1

iscdhcpMatch3.0.2rc1

iscdhcpMatch3.0.2rc2

iscdhcpMatch3.0.2rc3

iscdhcpMatch3.0.3-

iscdhcpMatch3.0.3b1

iscdhcpMatch3.0.3b2

iscdhcpMatch3.0.3b3

iscdhcpMatch3.0.4-

iscdhcpMatch3.0.4b1

iscdhcpMatch3.0.4b2

iscdhcpMatch3.0.4b3

iscdhcpMatch3.0.4rc1

iscdhcpMatch3.0.5-

iscdhcpMatch3.0.5rc1

iscdhcpMatch3.0.6rc1

iscdhcpMatch3.1-esv

iscdhcpMatch3.1.0-

iscdhcpMatch3.1.0a1

iscdhcpMatch3.1.0a2

iscdhcpMatch3.1.0a3

iscdhcpMatch3.1.0b1

iscdhcpMatch3.1.0b2

iscdhcpMatch3.1.0rc1

iscdhcpMatch3.1.1rc1

iscdhcpMatch3.1.1rc2

iscdhcpMatch3.1.2-

iscdhcpMatch3.1.2b1

iscdhcpMatch3.1.2rc1

iscdhcpMatch3.1.3-

iscdhcpMatch3.1.3b1

iscdhcpMatch3.1.3rc1

Node

iscdhcpMatch4.1-esv-

iscdhcpMatch4.1-esvrc1

iscdhcpMatch4.2.0-

iscdhcpMatch4.2.0a1

iscdhcpMatch4.2.0a2

iscdhcpMatch4.2.0b1

iscdhcpMatch4.2.0b2

iscdhcpMatch4.2.0p1

iscdhcpMatch4.2.0rc1

iscdhcpMatch4.2.1-

iscdhcpMatch4.2.1b1

iscdhcpMatch4.2.1rc1

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch8.04lts

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch10.10

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html

marc.info/?l=bugtraq&m=133226187115472&w=2

secunia.com/advisories/44037

secunia.com/advisories/44048

secunia.com/advisories/44089

secunia.com/advisories/44090

secunia.com/advisories/44103

secunia.com/advisories/44127

secunia.com/advisories/44180

security.gentoo.org/glsa/glsa-201301-06.xml

securitytracker.com/id?1025300

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345

www.debian.org/security/2011/dsa-2216

www.debian.org/security/2011/dsa-2217

www.kb.cert.org/vuls/id/107886

www.mandriva.com/security/advisories?name=MDVSA-2011:073

www.osvdb.org/71493

www.redhat.com/support/errata/RHSA-2011-0428.html

www.redhat.com/support/errata/RHSA-2011-0840.html

www.securityfocus.com/bid/47176

www.ubuntu.com/usn/USN-1108-1

www.vupen.com/english/advisories/2011/0879

www.vupen.com/english/advisories/2011/0886

www.vupen.com/english/advisories/2011/0909

www.vupen.com/english/advisories/2011/0915

www.vupen.com/english/advisories/2011/0926

www.vupen.com/english/advisories/2011/0965

www.vupen.com/english/advisories/2011/1000

bugzilla.redhat.com/show_bug.cgi?id=689832

exchange.xforce.ibmcloud.com/vulnerabilities/66580

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812

www.exploit-db.com/exploits/37623/

www.isc.org/software/dhcp/advisories/cve-2011-0997

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

CVE-2011-0997

Affected configurations

References

Related