{ "id": "CVE-2011-0997", "sourceIdentifier": "cve@mitre.org", "published": "2011-04-08T15:17:27.387", "lastModified": "2020-04-01T13:07:53.590", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script." }, { "lang": "es", "value": "dhclient en ISC DHCP 3.0.x hasta la versi\u00f3n 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de anfitri\u00f3n obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitri\u00f3n dado por dhclient-script." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "87CBA8DD-650D-4A67-924C-B108CEE74BB1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*", "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*", "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*", "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*", "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*", "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*", "matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*", "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*", "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*", "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*", "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B" } ] } ] } ], "references": [ { "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://securitytracker.com/id?1025300", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.debian.org/security/2011/dsa-2216", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.debian.org/security/2011/dsa-2217", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.kb.cert.org/vuls/id/107886", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/47176", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.ubuntu.com/usn/USN-1108-1", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2011/0879", "source": "cve@mitre.org", "tags": [ "Permissions Required" ] }, { "url": "http://www.vupen.com/english/advisories/2011/0886", "source": "cve@mitre.org", "tags": [ "Permissions Required" ] }, { "url": "http://www.vupen.com/english/advisories/2011/0909", "source": "cve@mitre.org", "tags": [ "Permissions Required" ] }, { "url": "http://www.vupen.com/english/advisories/2011/0915", "source": "cve@mitre.org", "tags": [ "Permissions Required" ] }, { "url": "http://www.vupen.com/english/advisories/2011/0926", "source": "cve@mitre.org", "tags": [ "Permissions Required" ] }, { "url": "http://www.vupen.com/english/advisories/2011/0965", "source": "cve@mitre.org", "tags": [ "Permissions Required" ] }, { "url": "http://www.vupen.com/english/advisories/2011/1000", "source": "cve@mitre.org", "tags": [ "Permissions Required" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.exploit-db.com/exploits/37623/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] } ] }