CVSS2 Score: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score: 0.97 High
EPSS Percentile: 99.7%
CentOS Errata and Security Advisory CESA-2011:0428
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.
It was discovered that the DHCP client daemon, dhclient, did not
sufficiently sanitize certain options provided in DHCP server replies, such
as the client hostname. A malicious DHCP server could send such an option
with a specially-crafted value to a DHCP client. If this option’s value was
saved on the client system, and then later insecurely evaluated by a
process that assumes the option is trusted, it could lead to arbitrary code
execution with the privileges of that process. (CVE-2011-0997)
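The check below is an added illustration and is not code from the CentOS or ISC DHCP packages or from the backported patch. It shows the two defensive steps the advisory's description implies: validating a received host-name option against the hostname syntax before it is stored, and quoting any free-form option value so that a shell script that later sources or evaluates a file containing it treats the value as literal data. The function names, the constructed sample values, and the use of RFC 1123 hostname rules as the acceptance criterion are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Textual hostname limits from RFC 1035/1123: 63 bytes per label, 253 overall. */
#define MAX_LABEL_LEN    63
#define MAX_HOSTNAME_LEN 253

/* Only ASCII letters, digits and '-' may appear inside a hostname label. */
static bool is_hostname_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/*
 * Return true only if `name` is a syntactically valid hostname: dot-separated
 * labels of letters, digits and hyphens, no label empty or longer than 63
 * bytes, no label starting or ending with '-', no trailing dot. Whitespace,
 * quotes, '$', ';', '`', control bytes and anything else are rejected before
 * the value can be saved and later reach a shell or other interpreter.
 */
bool dhcp_hostname_is_safe(const char *name)
{
    if (name == NULL) return false;
    size_t len = strlen(name);
    if (len == 0 || len > MAX_HOSTNAME_LEN) return false;

    size_t label_len = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label_len == 0) return false;        /* empty label ("..", leading ".") */
            if (name[i - 1] == '-') return false;    /* label ends with '-' */
            label_len = 0;
            continue;
        }
        if (!is_hostname_char(c)) return false;      /* anything else is unsafe */
        if (label_len == 0 && c == '-') return false; /* label starts with '-' */
        if (++label_len > MAX_LABEL_LEN) return false;
    }
    /* The last label must also be non-empty and must not end with '-'. */
    return label_len > 0 && name[len - 1] != '-';
}

/*
 * Write `in` into `out` as a single-quoted POSIX shell word so that a later
 * `. file` or `eval` treats it as data. An embedded single quote becomes
 * '\'' (close the quote, escaped quote, reopen). Returns the number of bytes
 * written excluding the NUL, or -1 if `out` is too small.
 */
int shell_single_quote(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (in == NULL || outsz < 3) return -1;
    out[n++] = '\'';
    for (const char *p = in; *p != '\0'; p++) {
        if (*p == '\'') {
            if (n + 4 > outsz) return -1;
            memcpy(out + n, "'\\''", 4);
            n += 4;
        } else {
            if (n + 1 >= outsz) return -1;
            out[n++] = *p;
        }
    }
    if (n + 2 > outsz) return -1;
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample option values, not taken from any real DHCP traffic. */
    const char *samples[] = { "host-1.example.com", "bad host", "a;b",
                              "-leading.example.com", "trailing-.example.com" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i],
               dhcp_hostname_is_safe(samples[i]) ? "accept" : "reject");

    char quoted[64];
    if (shell_single_quote("it's", quoted, sizeof quoted) > 0)
        printf("quoted for shell: %s\n", quoted);
    return 0;
}
```

A client that applies `dhcp_hostname_is_safe` before persisting the host-name option never stores a value a shell could interpret; `shell_single_quote` covers options that legitimately carry arbitrary text and must still be written to a file another process will source.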
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.
All dhclient users should upgrade to these updated packages, which contain
a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079442.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079443.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079457.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079458.html
Affected packages:
dhclient
dhcp
dhcp-devel
libdhcp4client
libdhcp4client-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0428
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | dhclient | < 3.0.1-67.el4 | dhclient-3.0.1-67.el4.i386.rpm |
CentOS | 4 | i386 | dhcp | < 3.0.1-67.el4 | dhcp-3.0.1-67.el4.i386.rpm |
CentOS | 4 | i386 | dhcp-devel | < 3.0.1-67.el4 | dhcp-devel-3.0.1-67.el4.i386.rpm |
CentOS | 4 | x86_64 | dhclient | < 3.0.1-67.el4 | dhclient-3.0.1-67.el4.x86_64.rpm |
CentOS | 4 | x86_64 | dhcp | < 3.0.1-67.el4 | dhcp-3.0.1-67.el4.x86_64.rpm |
CentOS | 4 | x86_64 | dhcp-devel | < 3.0.1-67.el4 | dhcp-devel-3.0.1-67.el4.x86_64.rpm |
CentOS | 5 | i386 | dhclient | < 3.0.5-23.el5_6.4 | dhclient-3.0.5-23.el5_6.4.i386.rpm |
CentOS | 5 | i386 | dhcp | < 3.0.5-23.el5_6.4 | dhcp-3.0.5-23.el5_6.4.i386.rpm |
CentOS | 5 | i386 | dhcp-devel | < 3.0.5-23.el5_6.4 | dhcp-devel-3.0.5-23.el5_6.4.i386.rpm |
CentOS | 5 | i386 | libdhcp4client | < 3.0.5-23.el5_6.4 | libdhcp4client-3.0.5-23.el5_6.4.i386.rpm |