FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0997

This CVE name corresponds to:

Entered Topic
2011-04-10 isc-dhcp-client -- dhclient does not strip or escape shell meta-characters

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-0997
Phase Assigned (20110214)

Description

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

References

Source Reference
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=689832
CONFIRM https://www.isc.org/software/dhcp/advisories/cve-2011-0997
DEBIAN DSA-2216
DEBIAN DSA-2217
FEDORA FEDORA-2011-4897
FEDORA FEDORA-2011-4934
GENTOO GLSA-201301-06
HP HPSBMU02752
HP SSRT100802
MANDRIVA MDVSA-2011:073
REDHAT RHSA-2011:0428
REDHAT RHSA-2011:0840
SLACKWARE SSA:2011-097-01
UBUNTU USN-1108-1
CERT-VN VU#107886
BID 47176
OSVDB 71493
OVAL oval:org.mitre.oval:def:12812
SECTRACK 1025300
SECUNIA 44037
SECUNIA 44048
SECUNIA 44089
SECUNIA 44090
SECUNIA 44103
SECUNIA 44127
SECUNIA 44180
VUPEN ADV-2011-0879
VUPEN ADV-2011-0886
VUPEN ADV-2011-0909
VUPEN ADV-2011-0915
VUPEN ADV-2011-0926
VUPEN ADV-2011-0965
VUPEN ADV-2011-1000
XF iscdhcp-dhclient-command-execution(66580)