CVE-2011-0997

Currently unrated

Key Information:

Vendor: Isc
Status: Dhcp
Vendor: CVE Published:; 8 April 2011

Summary

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

References

http://www.securityfocus.com/bid/47176

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2011/0886

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/44103

third-party-advisoryx_refsource_SECUNIA

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2011
Vulnerability Reserved
Feb 14, 2011