Vulnerability Name: CVE-2011-0997

Assigned: 2011-02-14
Published: 2011-04-05
Updated: 2017-09-18
Summary: dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
CVSS v3 Severity: 7.3 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
7.9 High (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Adjacent_Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-20, CWE-78
References:

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Source: FEDORA
Type: UNKNOWN
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html

Source: FEDORA
Type: UNKNOWN
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html

Source: HP
Type: UNKNOWN
http://marc.info/?l=bugtraq&m=133226187115472&w=2

Source: GENTOO
Type: UNKNOWN
http://security.gentoo.org/glsa/glsa-201301-06.xml

Source: SECTRACK
Type: UNKNOWN
1025300

Source: SLACKWARE
Type: UNKNOWN
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345

Source: DEBIAN
Type: UNKNOWN
http://www.debian.org/security/2011/dsa-2216

Source: DEBIAN
Type: UNKNOWN
http://www.debian.org/security/2011/dsa-2217

Source: CERT-VN
Type: UNKNOWN
http://www.kb.cert.org/vuls/id/107886

Source: MANDRIVA
Type: UNKNOWN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:073

Source: REDHAT
Type: UNKNOWN
http://www.redhat.com/support/errata/RHSA-2011-0428.html

Source: REDHAT
Type: UNKNOWN
http://www.redhat.com/support/errata/RHSA-2011-0840.html

Source: BID
Type: UNKNOWN
47176

Source: UBUNTU
Type: UNKNOWN
http://www.ubuntu.com/usn/USN-1108-1

Source: VUPEN
Type: VENDOR_ADVISORY
http://www.vupen.com/english/advisories/2011/0879

Source: VUPEN
Type: UNKNOWN
http://www.vupen.com/english/advisories/2011/0886

Source: VUPEN
Type: UNKNOWN
http://www.vupen.com/english/advisories/2011/0909

Source: VUPEN
Type: UNKNOWN
http://www.vupen.com/english/advisories/2011/0915

Source: VUPEN
Type: UNKNOWN
http://www.vupen.com/english/advisories/2011/0926

Source: VUPEN
Type: UNKNOWN
http://www.vupen.com/english/advisories/2011/0965

Source: VUPEN
Type: UNKNOWN
http://www.vupen.com/english/advisories/2011/1000

Source: CONFIRM
Type: PATCH
https://bugzilla.redhat.com/show_bug.cgi?id=689832

Source: XF
Type: UNKNOWN
https://exchange.xforce.ibmcloud.com/vulnerabilities/66580

Source: EXPLOIT-DB
Type: UNKNOWN
37623

Source: CONFIRM
Type: VENDOR_ADVISORY
https://www.isc.org/software/dhcp/advisories/cve-2011-0997

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.1-esv:*:*:*:*:*:*:*
  • OR cpe:/a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20110997 | V | CVE-2011-0997 | 2017-09-25
oval:org.mitre.oval:def:21712 | P | RHSA-2011:0428: dhcp security update (Important) | 2015-03-09
oval:org.mitre.oval:def:12032 | P | DSA-2216-1 isc-dhcp -- missing input sanitisation | 2014-07-21
oval:org.mitre.oval:def:12297 | P | DSA-2217-1 dhcp3 -- missing input sanitisation | 2014-07-21
oval:org.mitre.oval:def:13818 | P | USN-1108-1 -- dhcp3 vulnerability | 2014-06-30
oval:org.mitre.oval:def:13937 | P | USN-1108-2 -- dhcp3 vulnerability | 2014-06-30
oval:org.mitre.oval:def:23459 | P | ELSA-2011:0428: dhcp security update (Important) | 2014-05-26
oval:org.mitre.oval:def:20394 | V | VMware ESX third party updates for Service Console packages glibc and dhcp | 2014-01-20
oval:org.mitre.oval:def:12812 | V | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | 2011-12-05
oval:com.redhat.rhsa:def:20110428 | P | RHSA-2011:0428: dhcp security update (Important) | 2011-04-08