CVE-2011-1930

🗓️ 14 Nov 2019 02:01:32Reported by redhatType

cve🔗 web.nvd.nist.gov👁 76 Views🌐 WEB

In klibc 1.5.20 and 1.5.21, DHCP options written by ipconfig are not properly escaped

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2011-1930	18 May 201100:00	–	circl
Cvelist	CVE-2011-1930	14 Nov 201902:01	–	cvelist
Debian CVE	CVE-2011-1930	14 Nov 201902:01	–	debiancve
Tenable Nessus	GLSA-201309-21 : klibc: Command Injection	27 Sep 201300:00	–	nessus
Gentoo Linux	klibc: Command Injection	26 Sep 201300:00	–	gentoo
NVD	CVE-2011-1930	14 Nov 201903:15	–	nvd
OpenVAS	Gentoo Security Advisory GLSA 201309-21	29 Sep 201500:00	–	openvas
OSV	CVE-2011-1930	14 Nov 201903:15	–	osv
OSV	DEBIAN-CVE-2011-1930	14 Nov 201903:15	–	osv
Prion	Code injection	14 Nov 201903:15	–	prion

NVD

Vulners

Node

klibc_project klibcRange<1.5.25

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

[
  {
    "product": "klibc",
    "vendor": "klibc",
    "versions": [
      {
        "status": "affected",
        "version": "1.5.20"
      },
      {
        "status": "affected",
        "version": "1.5.21"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/cve-2011-1930
securityfocus	www.securityfocus.com/bid/47924
openwall	www.openwall.com/lists/oss-security/2012/05/22/12
security-tracker	www.security-tracker.debian.org/tracker/CVE-2011-1930
security	www.security.gentoo.org/glsa/glsa-201309-21.xml

Parameter	Position	Path	Description	CWE
DHCP options content written to file	path	/tmp/net-$DEVICE.conf	Unescaped DHCP options written to /tmp/net-<DEVICE>.conf may allow crafted DHCP replies to execute code.

21 Nov 2024 01:27Current

9.5High risk

Vulners AI Score9.5

CVSS 3.19.8

CVSS 210

EPSS0.28991