CVE-2011-0997: Input Validation
First published: Tue Mar 22 2011(Updated: )
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC DHCP | =3.0.4-b2 | |
| ISC DHCP | =3.1.0-b1 | |
| ISC DHCP | =3.1.0-a3 | |
| ISC DHCP | =3.0.6-rc1 | |
| ISC DHCP | =3.1.2-rc1 | |
| ISC DHCP | =3.1.0-rc1 | |
| ISC DHCP | =3.0.4-b1 | |
| ISC DHCP | =3.1.0-a1 | |
| ISC DHCP | =3.0.1-rc12 | |
| ISC DHCP | =3.0 | |
| ISC DHCP | =3.0.2-b1 | |
| ISC DHCP | =3.0.3-b1 | |
| ISC DHCP | =3.0.1-rc1 | |
| ISC DHCP | =3.0.4-b3 | |
| ISC DHCP | =3.0.2-rc1 | |
| ISC DHCP | =3.0.1-rc7 | |
| ISC DHCP | =3.1-esv | |
| ISC DHCP | =3.0.2-rc3 | |
| ISC DHCP | =3.0.1-rc2 | |
| ISC DHCP | =3.1.3-b1 | |
| ISC DHCP | =3.0.1-rc14 | |
| ISC DHCP | =3.0.1-rc6 | |
| ISC DHCP | =3.0.2-rc2 | |
| ISC DHCP | =3.0.1-rc13 | |
| ISC DHCP | =3.0.1-rc9 | |
| ISC DHCP | =3.0.3-b3 | |
| ISC DHCP | =3.1.1-rc1 | |
| ISC DHCP | =3.1.0-a2 | |
| ISC DHCP | =3.0.1-rc8 | |
| ISC DHCP | =3.0.3-b2 | |
| ISC DHCP | =3.1.2-b1 | |
| ISC DHCP | =3.1.3-rc1 | |
| ISC DHCP | =3.0.1-rc10 | |
| ISC DHCP | =3.0.5-rc1 | |
| ISC DHCP | =3.0.1-rc11 | |
| ISC DHCP | =3.1.1-rc2 | |
| ISC DHCP | =3.0.4-rc1 | |
| ISC DHCP | =3.1.0-b2 | |
| ISC DHCP | =3.0.1-rc5 | |
| ISC DHCP | =3.0.1 | |
| ISC DHCP | =3.0.2 | |
| ISC DHCP | =3.0.4 | |
| ISC DHCP | =3.0.5 | |
| ISC DHCP | =3.1.0 | |
| ISC DHCP | =3.1.2 | |
| ISC DHCP | =3.1.3 | |
| ISC DHCP | =3.0.3 | |
| ISC DHCP | =4.2.0-b2 | |
| ISC DHCP | =4.2.0-a2 | |
| ISC DHCP | =4.2.0-b1 | |
| ISC DHCP | =4.2.1-rc1 | |
| ISC DHCP | =4.2.0-a1 | |
| ISC DHCP | =4.1-esv-rc1 | |
| ISC DHCP | =4.2.1-b1 | |
| ISC DHCP | =4.2.0-rc1 | |
| ISC DHCP | =4.2.0-p1 | |
| ISC DHCP | =4.1-esv | |
| ISC DHCP | =4.2.0 | |
| ISC DHCP | =4.2.1 | |
| Debian Linux | =5.0 | |
| Debian Linux | =7.0 | |
| Debian Linux | =6.0 | |
| Ubuntu | =10.10 | |
| Ubuntu | =6.06 | |
| Ubuntu | =8.04 | |
| Ubuntu | =10.04 | |
| Ubuntu | =9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/44037
- http://www.osvdb.org/71493
- http://www.vupen.com/english/advisories/2011/0879
- http://securitytracker.com/id?1025300
- http://www.securityfocus.com/bid/47176
- https://bugzilla.redhat.com/show_bug.cgi?id=689832
- https://www.isc.org/software/dhcp/advisories/cve-2011-0997
- http://www.kb.cert.org/vuls/id/107886
- http://secunia.com/advisories/44048
- http://secunia.com/advisories/44127
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html
- http://secunia.com/advisories/44089
- http://www.redhat.com/support/errata/RHSA-2011-0428.html
- http://www.vupen.com/english/advisories/2011/0915
- http://secunia.com/advisories/44103
- http://www.debian.org/security/2011/dsa-2217
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:073
- http://www.vupen.com/english/advisories/2011/0965
- http://secunia.com/advisories/44090
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html
- http://secunia.com/advisories/44180
- http://www.vupen.com/english/advisories/2011/0926
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345
- http://www.debian.org/security/2011/dsa-2216
- http://www.vupen.com/english/advisories/2011/0886
- http://www.vupen.com/english/advisories/2011/0909
- http://www.ubuntu.com/usn/USN-1108-1
- http://www.vupen.com/english/advisories/2011/1000
- http://www.redhat.com/support/errata/RHSA-2011-0840.html
- http://marc.info/?l=bugtraq&m=133226187115472&w=2
- http://security.gentoo.org/glsa/glsa-201301-06.xml
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66580
- https://www.exploit-db.com/exploits/37623/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486815&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486815&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486816&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486816&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486817&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486817&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486993&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=486993&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=689832#c6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=689832#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=689832#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=689832#c10
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=487590&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=487590&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=487591&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=487591&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=689832#c14
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=489356&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=489356&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=689832#c15
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=489426&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=489426&action=edit
- http://www.isc.org/software/dhcp/advisories/cve-2011-0997
- http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-P1-RELNOTES
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=694005
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=490327&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=490327&action=edit
- https://rhn.redhat.com/errata/RHSA-2011-0428.html
- https://rhn.redhat.com/errata/RHSA-2011-0840.html
Frequently Asked Questions
What is the severity of CVE-2011-0997?
CVE-2011-0997 has a severity rating of high due to its potential to allow remote code execution.
How do I fix CVE-2011-0997?
To fix CVE-2011-0997, upgrade to ISC DHCP version 4.2.1-P1 or later, or to versions 3.1-ESV-R1 and 4.1-ESV-R2.
Which versions of ISC DHCP are affected by CVE-2011-0997?
CVE-2011-0997 affects ISC DHCP versions 3.0.x through 4.2.x before 4.2.1-P1, as well as 3.1-ESV before 3.1-ESV-R1.
What are the potential risks associated with CVE-2011-0997?
The risk associated with CVE-2011-0997 includes the possibility of remote attackers executing arbitrary commands on the affected system.
Is there a workaround for CVE-2011-0997?
While upgrading is the best option, disabling DHCP or filtering DHCP requests can serve as a temporary workaround for CVE-2011-0997.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0997
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/isc
- canonical/isc dhcp
- version/isc dhcp/3.0.4-b2
- version/isc dhcp/3.1.0-b1
- version/isc dhcp/3.1.0-a3
- version/isc dhcp/3.0.6-rc1
- version/isc dhcp/3.1.2-rc1
- version/isc dhcp/3.1.0-rc1
- version/isc dhcp/3.0.4-b1
- version/isc dhcp/3.1.0-a1
- version/isc dhcp/3.0.1-rc12
- version/isc dhcp/3.0
- version/isc dhcp/3.0.2-b1
- version/isc dhcp/3.0.3-b1
- version/isc dhcp/3.0.1-rc1
- version/isc dhcp/3.0.4-b3
- version/isc dhcp/3.0.2-rc1
- version/isc dhcp/3.0.1-rc7
- version/isc dhcp/3.1-esv
- version/isc dhcp/3.0.2-rc3
- version/isc dhcp/3.0.1-rc2
- version/isc dhcp/3.1.3-b1
- version/isc dhcp/3.0.1-rc14
- version/isc dhcp/3.0.1-rc6
- version/isc dhcp/3.0.2-rc2
- version/isc dhcp/3.0.1-rc13
- version/isc dhcp/3.0.1-rc9
- version/isc dhcp/3.0.3-b3
- version/isc dhcp/3.1.1-rc1
- version/isc dhcp/3.1.0-a2
- version/isc dhcp/3.0.1-rc8
- version/isc dhcp/3.0.3-b2
- version/isc dhcp/3.1.2-b1
- version/isc dhcp/3.1.3-rc1
- version/isc dhcp/3.0.1-rc10
- version/isc dhcp/3.0.5-rc1
- version/isc dhcp/3.0.1-rc11
- version/isc dhcp/3.1.1-rc2
- version/isc dhcp/3.0.4-rc1
- version/isc dhcp/3.1.0-b2
- version/isc dhcp/3.0.1-rc5
- version/isc dhcp/3.0.1
- version/isc dhcp/3.0.2
- version/isc dhcp/3.0.4
- version/isc dhcp/3.0.5
- version/isc dhcp/3.1.0
- version/isc dhcp/3.1.2
- version/isc dhcp/3.1.3
- version/isc dhcp/3.0.3
- version/isc dhcp/4.2.0-b2
- version/isc dhcp/4.2.0-a2
- version/isc dhcp/4.2.0-b1
- version/isc dhcp/4.2.1-rc1
- version/isc dhcp/4.2.0-a1
- version/isc dhcp/4.1-esv-rc1
- version/isc dhcp/4.2.1-b1
- version/isc dhcp/4.2.0-rc1
- version/isc dhcp/4.2.0-p1
- version/isc dhcp/4.1-esv
- version/isc dhcp/4.2.0
- version/isc dhcp/4.2.1
- vendor/debian
- canonical/debian linux
- version/debian linux/5.0
- version/debian linux/7.0
- version/debian linux/6.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.10
- version/ubuntu/6.06
- version/ubuntu/8.04
- version/ubuntu/10.04
- version/ubuntu/9.10