7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.971 High
EPSS
Percentile
99.7%
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.
It was discovered that the DHCP client daemon, dhclient, did not
sufficiently sanitize certain options provided in DHCP server replies, such
as the client hostname. A malicious DHCP server could send such an option
with a specially-crafted value to a DHCP client. If this option’s value was
saved on the client system, and then later insecurely evaluated by a
process that assumes the option is trusted, it could lead to arbitrary code
execution with the privileges of that process. (CVE-2011-0997)
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.
All dhclient users should upgrade to these updated packages, which contain
a backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | dhcp | < 3.0.1-10.3_EL3 | dhcp-3.0.1-10.3_EL3.i386.rpm |
RedHat | any | i386 | dhcp-devel | < 3.0.1-10.3_EL3 | dhcp-devel-3.0.1-10.3_EL3.i386.rpm |
RedHat | any | i386 | dhclient | < 3.0.1-10.3_EL3 | dhclient-3.0.1-10.3_EL3.i386.rpm |