Vulnerability Details : CVE-2011-0997
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2011-0997
Probability of exploitation activity in the next 30 days: 97.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0997
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2011-0997
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0997
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345
The Slackware Linux Project: Slackware Security AdvisoriesThird Party Advisory
-
http://www.vupen.com/english/advisories/2011/0926
Webmail | OVH- OVHPermissions Required
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812
Repository / Oval RepositoryThird Party Advisory
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Juniper Networks - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPViewThird Party Advisory
-
http://www.kb.cert.org/vuls/id/107886
VU#107886 - ISC dhclient vulnerabilityThird Party Advisory;US Government Resource
-
http://www.vupen.com/english/advisories/2011/0965
Webmail | OVH- OVHPermissions Required
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html
[SECURITY] Fedora 14 Update: dhcp-4.2.0-21.P2.fc14Mailing List;Third Party Advisory
-
https://www.isc.org/software/dhcp/advisories/cve-2011-0997
Internet Systems ConsortiumPatch;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2011-0428.html
SupportThird Party Advisory
-
http://www.securityfocus.com/bid/47176
ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html
[SECURITY] Fedora 15 Update: dhcp-4.2.1-4.P1.fc15Mailing List;Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2011-0840.html
SupportThird Party Advisory
-
http://marc.info/?l=bugtraq&m=133226187115472&w=2
'[security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), R' - MARCMailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2011/1000
Webmail | OVH- OVHPermissions Required
-
http://www.vupen.com/english/advisories/2011/0879
Webmail | OVH- OVHPermissions Required
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66580
ISC DHCP dhclient command execution CVE-2011-0997 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2011/dsa-2216
Debian -- Security Information -- DSA-2216-1 isc-dhcpThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1108-1
USN-1108-1: DHCP vulnerability | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=689832
689832 – (CVE-2011-0997) CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response valuesIssue Tracking;Patch;Third Party Advisory
-
https://www.exploit-db.com/exploits/37623/
15 TOTOLINK Router Models - Multiple Remote Code Execution Vulnerabilities - Hardware webapps ExploitThird Party Advisory;VDB Entry
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:073
mandriva.comThird Party Advisory
-
http://www.vupen.com/english/advisories/2011/0886
Webmail | OVH- OVHPermissions Required
-
http://www.vupen.com/english/advisories/2011/0909
Webmail | OVH- OVHPermissions Required
-
http://securitytracker.com/id?1025300
ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://security.gentoo.org/glsa/glsa-201301-06.xml
ISC DHCP: Denial of Service (GLSA 201301-06) — Gentoo securityThird Party Advisory
-
http://www.vupen.com/english/advisories/2011/0915
Webmail | OVH- OVHPermissions Required
-
http://www.debian.org/security/2011/dsa-2217
Debian -- Security Information -- DSA-2217-1 dhcp3Third Party Advisory
Products affected by CVE-2011-0997
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*