Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0997

CWE-20Improper Input ValidationCWE-78OS Command Injection12 documents8 sources
Severity
7.5HIGH
EPSS
73.5%
top 1.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Canonical Ubuntu LinuxDebian Debian LinuxISC Dhcp
Timeline
PublishedApr 8
Latest updateMay 13

Description

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianisc-dhcp< 4.1.1-P1-16.1+2
NVDisc/dhcp15 versions+14

Also affects: Debian Linux 5.0, 6.0, 7.0, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.10

Patches

Patch: bugzilla.redhat.comPatch: www.isc.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-hhcj-97jg-v79c: dhclient in ISC DHCP 32022-05-13
OSV
CVE-2011-0997: dhclient in ISC DHCP 32011-04-08
CVEList
CVE-2011-0997: dhclient in ISC DHCP 32011-04-08

📋Vendor Advisories

4
Ubuntu
DHCP vulnerability2011-04-19
Ubuntu
DHCP vulnerability2011-04-11
Red Hat
dhclient: insufficient sanitization of certain DHCP response values2011-04-05
Debian
CVE-2011-0997: isc-dhcp - dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV...2011

💬Community

4
Bugzilla
CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options2011-07-25
Bugzilla
CVE-2011-2717 dhcpv6: insufficient checking of DHCP options2011-07-25
Bugzilla
CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values [fedora-all]2011-04-06
Bugzilla
CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values2011-03-22