ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Dhcp

Vendors: ISC (Internet Software Consortium)

ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1025300

SecurityTracker URL: http://securitytracker.com/id/1025300

CVE Reference: CVE-2011-0997 (Links to External Site)

Date: Apr 6 2011

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 3.x prior to 3.1-ESV-R1, 4.x prior to 4.1-ESV-R2, 4.2 prior to 4.2.1-P1

Description: A vulnerability was reported in ISC DHCP. A remote user can execute arbitrary commands on the target system.

A remote DHCP server can return specially crafted hostname field meta-characters to cause the connected dhclient to execute arbitrary commands.

Sebastian Krahmer and Marius Tomaschewski of the SUSE Security Team reported this vulnerability.

Impact: A remote user can execute arbitrary code on the target system.

Solution: The vendor has issued a fix (3.1-ESV-R1, 4.1-ESV-R2, 4.2.1-P1).

The vendor's advisory is available at:

https://www.isc.org/software/dhcp/advisories/cve-2011-0997

Vendor URL: www.isc.org/software/dhcp/advisories/cve-2011-0997 (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Apr 8 2011	(Red Hat Issues Fix) ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has issued a fix for Red Hat Enterprise Linux 4, 5, and 6.
May 2 2011	(NetBSD Issues Fix) ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code NetBSD has issued a fix for NetBSD 4.0, 5.0, and 5.1.
May 31 2011	(Red Hat Issues Fix) ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has issued a fix for Red Hat Enterprise Linux 3.
Jul 29 2011	(VMware Issues Fix for ESX) ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code (VMware Security Announcements <security-announce@lists.vmware.com>) VMware has issued a fix for VMware ESX.
Sep 8 2011	(Citrix Issues Fix for XenServer) ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code Citrix has issued a fix for XenServer.
Nov 11 2011	(Apple Issues Fix for Time Capsule and AirPort Base Station) ISC DHCP Meta-Character Filtering Flaw in dhclient Lets Remote Users Execute Arbitrary Code (Apple Product Security <product-security-noreply@lists.apple.com>) Apple has issued a fix for Time Capsule and AirPort Base Station.

Source Message Contents

Date: Wed, 06 Apr 2011 19:22:30 +0000
Subject: ISC DHCP


https://www.isc.org/software/dhcp/advisories/cve-2011-0997

CVE-2011-0997

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC