National Vulnerability Database

CVE-2011-0997 Detail

Current Description

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Source: MITRE
Last Modified: 04/08/2011

Quick Info

CVE Dictionary Entry: CVE-2011-0997
Original release date: 04/08/2011
Last revised: 09/18/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html External Source FEDORA FEDORA-2011-4897
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html External Source FEDORA FEDORA-2011-4934
http://marc.info/?l=bugtraq&m=133226187115472&w=2 External Source HP HPSBMU02752
http://security.gentoo.org/glsa/glsa-201301-06.xml External Source GENTOO GLSA-201301-06
http://securitytracker.com/id?1025300 External Source SECTRACK 1025300
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345 External Source SLACKWARE SSA:2011-097-01
http://www.debian.org/security/2011/dsa-2216 External Source DEBIAN DSA-2216
http://www.debian.org/security/2011/dsa-2217 External Source DEBIAN DSA-2217
http://www.kb.cert.org/vuls/id/107886 US Government Resource External Source CERT-VN VU#107886
http://www.mandriva.com/security/advisories?name=MDVSA-2011:073 External Source MANDRIVA MDVSA-2011:073
http://www.redhat.com/support/errata/RHSA-2011-0428.html External Source REDHAT RHSA-2011:0428
http://www.redhat.com/support/errata/RHSA-2011-0840.html External Source REDHAT RHSA-2011:0840
http://www.securityfocus.com/bid/47176 External Source BID 47176
http://www.ubuntu.com/usn/USN-1108-1 External Source UBUNTU USN-1108-1
http://www.vupen.com/english/advisories/2011/0879 Vendor Advisory External Source VUPEN ADV-2011-0879
http://www.vupen.com/english/advisories/2011/0886 External Source VUPEN ADV-2011-0886
http://www.vupen.com/english/advisories/2011/0909 External Source VUPEN ADV-2011-0909
http://www.vupen.com/english/advisories/2011/0915 External Source VUPEN ADV-2011-0915
http://www.vupen.com/english/advisories/2011/0926 External Source VUPEN ADV-2011-0926
http://www.vupen.com/english/advisories/2011/0965 External Source VUPEN ADV-2011-0965
http://www.vupen.com/english/advisories/2011/1000 External Source VUPEN ADV-2011-1000
https://bugzilla.redhat.com/show_bug.cgi?id=689832 Patch External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=689832
https://exchange.xforce.ibmcloud.com/vulnerabilities/66580 External Source XF iscdhcp-dhclient-command-execution(66580)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812 External Source OVAL oval:org.mitre.oval:def:12812
https://www.exploit-db.com/exploits/37623/ External Source EXPLOIT-DB 37623
https://www.isc.org/software/dhcp/advisories/cve-2011-0997 Patch; Vendor Advisory External Source CONFIRM https://www.isc.org/software/dhcp/advisories/cve-2011-0997

References to Check Content

Identifier: oval:org.mitre.oval:def:12812
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12812

Technical Details

Vulnerability Type

Vulnerable software and versions

Configuration 1
OR
cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:isc:dhcp:4.1-esv:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*
cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*
