CVE-2011-0997

Published Apr 8, 2011
Last updated 3 months ago
CVSS info 7.5
Overview

Description: dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87CBA8DD-650D-4A67-924C-B108CEE74BB1"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09"
          },
          {
            "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
