Lucene search

K
cveMitreCVE-2011-0997
HistoryApr 08, 2011 - 3:17 p.m.

CVE-2011-0997

2011-04-0815:17:27
CWE-20
mitre
web.nvd.nist.gov
61
cve-2011-0997
dhclient
isc dhcp
remote code execution
shell metacharacters
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.968

Percentile

99.7%

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Affected configurations

Nvd
Node
iscdhcpMatch3.0
OR
iscdhcpMatch3.0.1-
OR
iscdhcpMatch3.0.1rc1
OR
iscdhcpMatch3.0.1rc10
OR
iscdhcpMatch3.0.1rc11
OR
iscdhcpMatch3.0.1rc12
OR
iscdhcpMatch3.0.1rc13
OR
iscdhcpMatch3.0.1rc14
OR
iscdhcpMatch3.0.1rc2
OR
iscdhcpMatch3.0.1rc5
OR
iscdhcpMatch3.0.1rc6
OR
iscdhcpMatch3.0.1rc7
OR
iscdhcpMatch3.0.1rc8
OR
iscdhcpMatch3.0.1rc9
OR
iscdhcpMatch3.0.2-
OR
iscdhcpMatch3.0.2b1
OR
iscdhcpMatch3.0.2rc1
OR
iscdhcpMatch3.0.2rc2
OR
iscdhcpMatch3.0.2rc3
OR
iscdhcpMatch3.0.3-
OR
iscdhcpMatch3.0.3b1
OR
iscdhcpMatch3.0.3b2
OR
iscdhcpMatch3.0.3b3
OR
iscdhcpMatch3.0.4-
OR
iscdhcpMatch3.0.4b1
OR
iscdhcpMatch3.0.4b2
OR
iscdhcpMatch3.0.4b3
OR
iscdhcpMatch3.0.4rc1
OR
iscdhcpMatch3.0.5-
OR
iscdhcpMatch3.0.5rc1
OR
iscdhcpMatch3.0.6rc1
OR
iscdhcpMatch3.1-esv
OR
iscdhcpMatch3.1.0-
OR
iscdhcpMatch3.1.0a1
OR
iscdhcpMatch3.1.0a2
OR
iscdhcpMatch3.1.0a3
OR
iscdhcpMatch3.1.0b1
OR
iscdhcpMatch3.1.0b2
OR
iscdhcpMatch3.1.0rc1
OR
iscdhcpMatch3.1.1rc1
OR
iscdhcpMatch3.1.1rc2
OR
iscdhcpMatch3.1.2-
OR
iscdhcpMatch3.1.2b1
OR
iscdhcpMatch3.1.2rc1
OR
iscdhcpMatch3.1.3-
OR
iscdhcpMatch3.1.3b1
OR
iscdhcpMatch3.1.3rc1
Node
iscdhcpMatch4.1-esv-
OR
iscdhcpMatch4.1-esvrc1
OR
iscdhcpMatch4.2.0-
OR
iscdhcpMatch4.2.0a1
OR
iscdhcpMatch4.2.0a2
OR
iscdhcpMatch4.2.0b1
OR
iscdhcpMatch4.2.0b2
OR
iscdhcpMatch4.2.0p1
OR
iscdhcpMatch4.2.0rc1
OR
iscdhcpMatch4.2.1-
OR
iscdhcpMatch4.2.1b1
OR
iscdhcpMatch4.2.1rc1
Node
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0
OR
debiandebian_linuxMatch7.0
Node
canonicalubuntu_linuxMatch6.06lts
OR
canonicalubuntu_linuxMatch8.04lts
OR
canonicalubuntu_linuxMatch9.10
OR
canonicalubuntu_linuxMatch10.04lts
OR
canonicalubuntu_linuxMatch10.10
VendorProductVersionCPE
iscdhcp3.0cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*
iscdhcp3.0.1cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*
Rows per page:
1-10 of 671

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.968

Percentile

99.7%