Oval Definition: oval:org.mitre.oval:def:12032
Revision Date: 2014-07-21
Version: 20
Title: DSA-2216-1 isc-dhcp -- missing input sanitisation
Description: Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2011-0997
DSA-2216-1
Platform(s): Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 6.0
Product(s): isc-dhcp
Definition Synopsis
  • Debian 6.0 is installed
  • AND GNU/Linux or GNU/kFreeBSD kernel
  • Debian GNU/Linux is installed
  • OR Debian GNU/kFreeBSD is installed
  • AND Installed architecture is all
  • AND isc-dhcp DPKG is earlier than 4.1.1-P1-15+squeeze2