CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Published: Apr 8, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0997
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
isc / dhcp	3.0.4-b2	3.0.4-b2.x
isc / dhcp	3.1.0-b1	3.1.0-b1.x
isc / dhcp	3.1.0-a3	3.1.0-a3.x
isc / dhcp	3.0.6-rc1	3.0.6-rc1.x
isc / dhcp	3.1.2-rc1	3.1.2-rc1.x
isc / dhcp	3.1.0-rc1	3.1.0-rc1.x
isc / dhcp	3.0.4-b1	3.0.4-b1.x
isc / dhcp	3.1.0-a1	3.1.0-a1.x
isc / dhcp	3.0.1-rc12	3.0.1-rc12.x
isc / dhcp	3.0	3.0.x
isc / dhcp	3.0.2-b1	3.0.2-b1.x
isc / dhcp	3.0.3-b1	3.0.3-b1.x
isc / dhcp	3.0.1-rc1	3.0.1-rc1.x
isc / dhcp	3.0.4-b3	3.0.4-b3.x
isc / dhcp	3.0.2-rc1	3.0.2-rc1.x
isc / dhcp	3.0.1-rc7	3.0.1-rc7.x
isc / dhcp	3.1-esv	3.1-esv.x
isc / dhcp	3.0.2-rc3	3.0.2-rc3.x
isc / dhcp	3.0.1-rc2	3.0.1-rc2.x
isc / dhcp	3.1.3-b1	3.1.3-b1.x
isc / dhcp	3.0.1-rc14	3.0.1-rc14.x
isc / dhcp	3.0.1-rc6	3.0.1-rc6.x
isc / dhcp	3.0.2-rc2	3.0.2-rc2.x
isc / dhcp	3.0.1-rc13	3.0.1-rc13.x
isc / dhcp	3.0.1-rc9	3.0.1-rc9.x
isc / dhcp	3.0.3-b3	3.0.3-b3.x
isc / dhcp	3.1.1-rc1	3.1.1-rc1.x
isc / dhcp	3.1.0-a2	3.1.0-a2.x
isc / dhcp	3.0.1-rc8	3.0.1-rc8.x
isc / dhcp	3.0.3-b2	3.0.3-b2.x
isc / dhcp	3.1.2-b1	3.1.2-b1.x
isc / dhcp	3.1.3-rc1	3.1.3-rc1.x
isc / dhcp	3.0.1-rc10	3.0.1-rc10.x
isc / dhcp	3.0.5-rc1	3.0.5-rc1.x
isc / dhcp	3.0.1-rc11	3.0.1-rc11.x
isc / dhcp	3.1.1-rc2	3.1.1-rc2.x
isc / dhcp	3.0.4-rc1	3.0.4-rc1.x
isc / dhcp	3.1.0-b2	3.1.0-b2.x
isc / dhcp	3.0.1-rc5	3.0.1-rc5.x
isc / dhcp	3.0.1	3.0.1.x
isc / dhcp	3.0.2	3.0.2.x
isc / dhcp	3.0.4	3.0.4.x
isc / dhcp	3.0.5	3.0.5.x
isc / dhcp	3.1.0	3.1.0.x
isc / dhcp	3.1.2	3.1.2.x
isc / dhcp	3.1.3	3.1.3.x
isc / dhcp	3.0.3	3.0.3.x
isc / dhcp	4.2.0-b2	4.2.0-b2.x
isc / dhcp	4.2.0-a2	4.2.0-a2.x
isc / dhcp	4.2.0-b1	4.2.0-b1.x
isc / dhcp	4.2.1-rc1	4.2.1-rc1.x
isc / dhcp	4.2.0-a1	4.2.0-a1.x
isc / dhcp	4.1-esv-rc1	4.1-esv-rc1.x
isc / dhcp	4.2.1-b1	4.2.1-b1.x
isc / dhcp	4.2.0-rc1	4.2.0-rc1.x
isc / dhcp	4.2.0-p1	4.2.0-p1.x
isc / dhcp	4.1-esv	4.1-esv.x
isc / dhcp	4.2.0	4.2.0.x
isc / dhcp	4.2.1	4.2.1.x
debian / debian_linux	5.0	5.0.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x
canonical / ubuntu_linux	10.10	10.10.x
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	9.10	9.10.x

Vulnerability Database

289,697

CVE-2011-0997