Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1930Project Klibc vulnerability

6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
29.0%
top 3.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Klibc Project KlibcKlibcDebian Linux
Timeline
PublishedNov 14
Latest updateApr 22

Description

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDklibc_project/klibc< 1.5.25
Debianklibc_project/klibc< 1.5.22-1+3
CVEListV5klibc/klibc1.5.20, 1.5.21+1

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-h949-qrpv-p29v: In klibc 12022-04-22
OSV
CVE-2011-1930: In klibc 12019-11-14
CVEList
CVE-2011-1930: In klibc 12019-11-14

💥Exploits & PoCs

1
Exploit-DB
klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution2011-05-18

📋Vendor Advisories

1
Debian
CVE-2011-1930: klibc - In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DE...2011
CVE-2011-1930 — Klibc Project Klibc vulnerability | cvebase