{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "47176", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47176"}, {"name": "ADV-2011-0886", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0886"}, {"name": "44103", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44103"}, {"name": "RHSA-2011:0840", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"}, {"name": "44037", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44037"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"}, {"name": "ADV-2011-0926", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0926"}, {"name": "HPSBMU02752", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"name": "44127", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44127"}, {"name": "MDVSA-2011:073", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"}, {"name": "SSRT100802", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"name": "ADV-2011-0909", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0909"}, {"name": "oval:org.mitre.oval:def:12812", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"}, {"name": "71493", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/71493"}, {"name": "44090", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44090"}, {"name": "44048", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44048"}, {"name": "FEDORA-2011-4934", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"}, {"name": "iscdhcp-dhclient-command-execution(66580)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"}, {"name": "ADV-2011-0879", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0879"}, {"name": "VU#107886", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/107886"}, {"name": "1025300", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025300"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"name": "SSA:2011-097-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345"}, {"name": "ADV-2011-1000", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/1000"}, {"name": "ADV-2011-0915", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0915"}, {"name": "ADV-2011-0965", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0965"}, {"name": "37623", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/37623/"}, {"name": "GLSA-201301-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"}, {"name": "44180", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44180"}, {"name": "DSA-2217", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2217"}, {"name": "USN-1108-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1108-1"}, {"name": "DSA-2216", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2216"}, {"name": "FEDORA-2011-4897", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"}, {"name": "RHSA-2011:0428", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"}, {"name": "44089", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44089"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0997", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "47176", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47176"}, {"name": "ADV-2011-0886", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0886"}, {"name": "44103", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44103"}, {"name": "RHSA-2011:0840", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"}, {"name": "44037", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44037"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=689832", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"}, {"name": "ADV-2011-0926", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0926"}, {"name": "HPSBMU02752", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"name": "44127", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44127"}, {"name": "MDVSA-2011:073", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"}, {"name": "SSRT100802", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"name": "ADV-2011-0909", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0909"}, {"name": "oval:org.mitre.oval:def:12812", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"}, {"name": "71493", "refsource": "OSVDB", "url": "http://www.osvdb.org/71493"}, {"name": "44090", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44090"}, {"name": "44048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44048"}, {"name": "FEDORA-2011-4934", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"}, {"name": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997", "refsource": "CONFIRM", "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"}, {"name": "iscdhcp-dhclient-command-execution(66580)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"}, {"name": "ADV-2011-0879", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0879"}, {"name": "VU#107886", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/107886"}, {"name": "1025300", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025300"}, {"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"name": "SSA:2011-097-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345"}, {"name": "ADV-2011-1000", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1000"}, {"name": "ADV-2011-0915", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0915"}, {"name": "ADV-2011-0965", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0965"}, {"name": "37623", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/37623/"}, {"name": "GLSA-201301-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"}, {"name": "44180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44180"}, {"name": "DSA-2217", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2217"}, {"name": "USN-1108-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1108-1"}, {"name": "DSA-2216", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2216"}, {"name": "FEDORA-2011-4897", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"}, {"name": "RHSA-2011:0428", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"}, {"name": "44089", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44089"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:27.265Z"}, "title": "CVE Program Container", "references": [{"name": "47176", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47176"}, {"name": "ADV-2011-0886", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0886"}, {"name": "44103", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44103"}, {"name": "RHSA-2011:0840", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"}, {"name": "44037", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44037"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"}, {"name": "ADV-2011-0926", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0926"}, {"name": "HPSBMU02752", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"name": "44127", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44127"}, {"name": "MDVSA-2011:073", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"}, {"name": "SSRT100802", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"name": "ADV-2011-0909", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0909"}, {"name": "oval:org.mitre.oval:def:12812", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"}, {"name": "71493", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/71493"}, {"name": "44090", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44090"}, {"name": "44048", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44048"}, {"name": "FEDORA-2011-4934", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"}, {"name": "iscdhcp-dhclient-command-execution(66580)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"}, {"name": "ADV-2011-0879", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0879"}, {"name": "VU#107886", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/107886"}, {"name": "1025300", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025300"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"name": "SSA:2011-097-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345"}, {"name": "ADV-2011-1000", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/1000"}, {"name": "ADV-2011-0915", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0915"}, {"name": "ADV-2011-0965", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0965"}, {"name": "37623", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/37623/"}, {"name": "GLSA-201301-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"}, {"name": "44180", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44180"}, {"name": "DSA-2217", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2217"}, {"name": "USN-1108-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1108-1"}, {"name": "DSA-2216", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2216"}, {"name": "FEDORA-2011-4897", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"}, {"name": "RHSA-2011:0428", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"}, {"name": "44089", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44089"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0997", "datePublished": "2011-04-08T15:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:27.265Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*", "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*", "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*", "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*", "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*", "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*", "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*", "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "87CBA8DD-650D-4A67-924C-B108CEE74BB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*", "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*", "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*", "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*", "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*", "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*", "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*", "matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*", "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*", "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*", "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*", "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*", "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*", "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*", "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*", "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*", "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*", "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."}, {"lang": "es", "value": "dhclient en ISC DHCP 3.0.x hasta la versi\u00f3n 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de anfitri\u00f3n obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitri\u00f3n dado por dhclient-script."}], "id": "CVE-2011-0997", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-08T15:17:27.387", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44037"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44048"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44089"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44090"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44103"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44127"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44180"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1025300"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2216"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2217"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/107886"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/71493"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/47176"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1108-1"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0879"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0886"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0909"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0915"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0926"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0965"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/1000"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/37623/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1025300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/107886"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/71493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/47176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1108-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0879"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0886"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/1000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/37623/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Sebastian Krahmer (SuSE Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2011:0840", "cpe": "cpe:/o:redhat:rhel_els:3", "package": "dhcp-7:3.0.1-10.3_EL3", "product_name": "Red Hat Enterprise Linux 3 Extended Lifecycle Support", "release_date": "2011-05-31T00:00:00Z"}, {"advisory": "RHSA-2011:0428", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "dhcp-7:3.0.1-67.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2011-04-08T00:00:00Z"}, {"advisory": "RHSA-2011:0428", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "dhcp-12:3.0.5-23.el5_6.4", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-04-08T00:00:00Z"}, {"advisory": "RHSA-2011:0428", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "dhcp-12:4.1.1-12.P1.el6_0.4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-04-08T00:00:00Z"}], "bugzilla": {"description": "dhclient: insufficient sanitization of certain DHCP response values", "id": "689832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"}, "csaw": false, "cvss": {"cvss_base_score": "7.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-78", "details": ["dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."], "name": "CVE-2011-0997", "public_date": "2011-04-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0997\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0997"], "threat_severity": "Important"}