Name | CVE_2011_0997 |
---|---|
CVE | CVE-2011-0997 Exploit Pack |

NOTES:
- This exploit answers DHCP requests with crafted packets to get commands executed by scripts that use the hostname. For this exploit to work, the target host must request the hostname over DHCP.
- Tested on Fedora 14, where the commands are executed by GDM (root) when it passes the hostname as a variable to mcpp through bash. E.g.: `mcpp --DHOST=random;command1;command2; --etc`
- Broadcast packets don't work on a VMware virtual interface, so it must be used on a physical network.

Repeatability: Infinite
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
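
Added example (not part of the original module notes or of the exploit pack): a defender-side check that walks the options field of a DHCP reply and flags host-name or domain-name values that would be unsafe to hand to a shell script. Option codes 12 and 15 come from RFC 2132; the allowlist pattern, the function names and the sample byte strings are assumptions of this example, with the crafted value taken from the `mcpp` line in the notes above.

```python
import re

# Option codes from RFC 2132 whose values end up as host or domain names.
NAME_OPTIONS = {12: "host-name", 15: "domain-name"}
PAD, END = 0, 255

# Conservative allowlist (an assumption of this example): dot-separated
# labels of letters, digits and hyphens, with no leading or trailing hyphen.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
SAFE_NAME = re.compile(rf"{LABEL}(?:\.{LABEL})*\.?")

def parse_options(data: bytes):
    """Yield (code, value) pairs from a DHCP options field (after the magic cookie)."""
    i = 0
    while i < len(data):
        code = data[i]
        if code == END:
            return
        if code == PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        yield code, value
        i += 2 + length

def unsafe_names(data: bytes):
    """Return [(option_name, raw_value)] for name options that fail the allowlist."""
    findings = []
    for code, value in parse_options(data):
        if code in NAME_OPTIONS:
            # Non-ASCII bytes decode to U+FFFD, which the allowlist rejects.
            text = value.decode("ascii", errors="replace")
            if len(text) > 253 or not SAFE_NAME.fullmatch(text):
                findings.append((NAME_OPTIONS[code], value))
    return findings

def opt(code: int, value: bytes) -> bytes:
    # Helper that builds one code/length/value option for the samples below.
    return bytes([code, len(value)]) + value

# Constructed samples: a normal reply and one whose host name carries shell syntax.
BENIGN = opt(12, b"ws-042") + opt(15, b"corp.example") + b"\xff"
CRAFTED = opt(12, b"random;command1;command2;") + opt(15, b"corp.example") + b"\xff"
```

The same allowlist belongs at the point where a client script consumes the hostname, so the value is rejected before it reaches any shell expansion.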