Launchpad.net

CVE 2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Related bugs and status

CVE-2011-0997 (Candidate) is related to these bugs:

Bug #753580: dhclient does not strip or escape shell meta-characters

Summary				In	Importance	Status
	753580	dhclient does not strip or escape shell meta-characters		dhcp3 (Ubuntu)	Undecided	Fix Released

Bug #777785: Multiple domains in domain-search not working after CVE-2011-0997 patch

Summary				In	Importance	Status
	777785	Multiple domains in domain-search not working after CVE-2011-0997 patch		isc-dhcp (Ubuntu)	Undecided	Invalid

Bug #937169: [FFe] Upgrading from 4.1.1 to 4.1-ESV-R4 (Extended Support Version)

Summary				In	Importance	Status
	937169	[FFe] Upgrading from 4.1.1 to 4.1-ESV-R4 (Extended Support Version)		isc-dhcp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
CONFIRM: https://www.isc.org/so...
CERT-VN: VU#107886
BID: 47176
OSVDB: 71493
SECTRACK: 1025300
SECUNIA: 44037
VUPEN: ADV-2011-0879
DEBIAN: DSA-2216
DEBIAN: DSA-2217
FEDORA: FEDORA-2011-4897
FEDORA: FEDORA-2011-4934
MANDRIVA: MDVSA-2011:073
REDHAT: RHSA-2011:0428
UBUNTU: USN-1108-1
SECUNIA: 44048
SECUNIA: 44089
SECUNIA: 44090
SECUNIA: 44103
SECUNIA: 44127
SECUNIA: 44180
VUPEN: ADV-2011-0886
VUPEN: ADV-2011-0909
VUPEN: ADV-2011-0915
VUPEN: ADV-2011-0926
VUPEN: ADV-2011-0965
VUPEN: ADV-2011-1000
REDHAT: RHSA-2011:0840
GENTOO: GLSA-201301-06
CONFIRM: http://kb.juniper.net/...
HP: HPSBMU02752
HP: SSRT100802
SLACKWARE: SSA:2011-097-01
XF: iscdhcp-dhclient-comma...
EXPLOIT-DB: 37623
OVAL: oval:org.mitre.oval:de...