7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%
The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine.
According to ISC:
ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server (like hostname) before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client.
An unauthenticated remote attacker could cause the ISC dhclient to execute arbitrary code on the client machine.
Apply an update
Users who obtain ISC DHCP from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.
This vulnerability is addressed in ISC DHCP version 3.1-ESV-R1, 4.1-ESV-R2 and 4.2.1-P1. Users of ISC DHCP from the original source distribution should upgrade to this version or later, as appropriate.
See also <https://www.isc.org/software/dhcp/advisories/cve-2011-0997>
According to ISC:
_On SUSE systems, it is possible to disable hostname update by setting DHCLIENT_SET_HOSTNAME=“no” in /etc/sysconfig/network/dhcp.
Other systems may add following line to dhclient-script at the beginning of the set_hostname() function:
new_host_name=${new_host_name//[^-.a-zA-Z0-9]/}
In environments where filters/acls can be put into place to limit clients to accessing only legitimate dhcp servers, this will protect clients
from rogue dhcp servers deliberately trying to exploit this bug. However, this will not protect from compromised servers._
107886
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 25, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 25, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 05, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 25, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 25, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 25, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 25, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 08, 2011 Updated: May 06, 2011
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<https://www.isc.org/software/dhcp/advisories/cve-2011-0997>
Thanks to Sebastian Krahmer and Marius Tomaschewski at SUSE Security Team for reporting this vulnerability to Internet Systems Consortium.
This document was written by Michael Orlando.
CVE IDs: | CVE-2011-0997 |
---|---|
Severity Metric: | 11.34 Date Public: |