ISC dhclient vulnerability

Overview

The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine.

Description

According to ISC:

ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server (like hostname) before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client.

---

Impact

An unauthenticated remote attacker could cause the ISC dhclient to execute arbitrary code on the client machine.

---

Solution

Apply an update

Users who obtain ISC DHCP from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors.

This vulnerability is addressed in ISC DHCP version 3.1-ESV-R1, 4.1-ESV-R2 and 4.2.1-P1. Users of ISC DHCP from the original source distribution should upgrade to this version or later, as appropriate.

See also <https://www.isc.org/software/dhcp/advisories/cve-2011-0997&gt;

---

According to ISC:
_On SUSE systems, it is possible to disable hostname update by setting DHCLIENT_SET_HOSTNAME=“no” in /etc/sysconfig/network/dhcp.
Other systems may add following line to dhclient-script at the beginning of the set_hostname() function:

new_host_name=${new_host_name//[^-.a-zA-Z0-9]/}

In environments where filters/acls can be put into place to limit clients to accessing only legitimate dhcp servers, this will protect clients
from rogue dhcp servers deliberately trying to exploit this bug. However, this will not protect from compromised servers._

---

Vendor Information

107886

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian GNU/Linux Affected

Updated: April 25, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.debian.org/security/2011/dsa-2216&gt;
• <http://www.debian.org/security/2011/dsa-2217&gt;

Fedora Project Affected

Updated: April 25, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html&gt;
• <http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html&gt;

Internet Systems Consortium Affected

Updated: April 05, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <https://www.isc.org/software/dhcp/advisories/cve-2011-0997&gt;

Mandriva S. A. Affected

Updated: April 25, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.mandriva.com/security/advisories?name=MDVSA-2011:073&gt;

Red Hat, Inc. Affected

Updated: April 25, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.redhat.com/support/errata/RHSA-2011-0428.html&gt;

Slackware Linux Inc. Affected

Updated: April 25, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345

Ubuntu Affected

Updated: April 25, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• <http://www.ubuntu.com/usn/USN-1108-1&gt;

Wind River Systems, Inc. Not Affected

Notified: April 08, 2011 Updated: May 06, 2011

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

<https://www.isc.org/software/dhcp/advisories/cve-2011-0997&gt;

Acknowledgements

Thanks to Sebastian Krahmer and Marius Tomaschewski at SUSE Security Team for reporting this vulnerability to Internet Systems Consortium.

This document was written by Michael Orlando.

Other Information

CVE IDs:	CVE-2011-0997
Severity Metric:	11.34 Date Public: