Vulnerability-Lookup

CVE-2011-0997 (GCVE-0-2011-0997)

Vulnerability from cvelistv5 – Published: 2011-04-08 15:00 – Updated: 2024-08-06 22:14

Summary

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/47176	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2011/0886	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/44103	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-08…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/44037	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=689832	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0926	vdb-entryx_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=133226187115472&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/44127	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://marc.info/?l=bugtraq&m=133226187115472&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2011/0909	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.osvdb.org/71493	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/44090	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/44048	third-party-advisoryx_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://www.isc.org/software/dhcp/advisories/cve-…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2011/0879	vdb-entryx_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/107886	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1025300	vdb-entryx_refsource_SECTRACK
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://www.vupen.com/english/advisories/2011/1000	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0915	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0965	vdb-entryx_refsource_VUPEN
	https://www.exploit-db.com/exploits/37623/	exploitx_refsource_EXPLOIT-DB
	http://security.gentoo.org/glsa/glsa-201301-06.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/44180	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2011/dsa-2217	vendor-advisoryx_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-1108-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2011/dsa-2216	vendor-advisoryx_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2011-04…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/44089	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47176",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47176"
          },
          {
            "name": "ADV-2011-0886",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0886"
          },
          {
            "name": "44103",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44103"
          },
          {
            "name": "RHSA-2011:0840",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
          },
          {
            "name": "44037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
          },
          {
            "name": "ADV-2011-0926",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0926"
          },
          {
            "name": "HPSBMU02752",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "name": "44127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44127"
          },
          {
            "name": "MDVSA-2011:073",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
          },
          {
            "name": "SSRT100802",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "name": "ADV-2011-0909",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0909"
          },
          {
            "name": "oval:org.mitre.oval:def:12812",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
          },
          {
            "name": "71493",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/71493"
          },
          {
            "name": "44090",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44090"
          },
          {
            "name": "44048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44048"
          },
          {
            "name": "FEDORA-2011-4934",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
          },
          {
            "name": "iscdhcp-dhclient-command-execution(66580)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
          },
          {
            "name": "ADV-2011-0879",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0879"
          },
          {
            "name": "VU#107886",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/107886"
          },
          {
            "name": "1025300",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025300"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "SSA:2011-097-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
          },
          {
            "name": "ADV-2011-1000",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1000"
          },
          {
            "name": "ADV-2011-0915",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0915"
          },
          {
            "name": "ADV-2011-0965",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0965"
          },
          {
            "name": "37623",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37623/"
          },
          {
            "name": "GLSA-201301-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "name": "44180",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44180"
          },
          {
            "name": "DSA-2217",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2217"
          },
          {
            "name": "USN-1108-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1108-1"
          },
          {
            "name": "DSA-2216",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2216"
          },
          {
            "name": "FEDORA-2011-4897",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
          },
          {
            "name": "RHSA-2011:0428",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
          },
          {
            "name": "44089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44089"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "47176",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47176"
        },
        {
          "name": "ADV-2011-0886",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0886"
        },
        {
          "name": "44103",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44103"
        },
        {
          "name": "RHSA-2011:0840",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
        },
        {
          "name": "44037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
        },
        {
          "name": "ADV-2011-0926",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0926"
        },
        {
          "name": "HPSBMU02752",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
        },
        {
          "name": "44127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44127"
        },
        {
          "name": "MDVSA-2011:073",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
        },
        {
          "name": "SSRT100802",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
        },
        {
          "name": "ADV-2011-0909",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0909"
        },
        {
          "name": "oval:org.mitre.oval:def:12812",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
        },
        {
          "name": "71493",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/71493"
        },
        {
          "name": "44090",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44090"
        },
        {
          "name": "44048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44048"
        },
        {
          "name": "FEDORA-2011-4934",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
        },
        {
          "name": "iscdhcp-dhclient-command-execution(66580)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
        },
        {
          "name": "ADV-2011-0879",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0879"
        },
        {
          "name": "VU#107886",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/107886"
        },
        {
          "name": "1025300",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025300"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "name": "SSA:2011-097-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
        },
        {
          "name": "ADV-2011-1000",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1000"
        },
        {
          "name": "ADV-2011-0915",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0915"
        },
        {
          "name": "ADV-2011-0965",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0965"
        },
        {
          "name": "37623",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37623/"
        },
        {
          "name": "GLSA-201301-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
        },
        {
          "name": "44180",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44180"
        },
        {
          "name": "DSA-2217",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2217"
        },
        {
          "name": "USN-1108-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1108-1"
        },
        {
          "name": "DSA-2216",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2216"
        },
        {
          "name": "FEDORA-2011-4897",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
        },
        {
          "name": "RHSA-2011:0428",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
        },
        {
          "name": "44089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44089"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0997",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47176",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47176"
            },
            {
              "name": "ADV-2011-0886",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0886"
            },
            {
              "name": "44103",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44103"
            },
            {
              "name": "RHSA-2011:0840",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
            },
            {
              "name": "44037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44037"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=689832",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
            },
            {
              "name": "ADV-2011-0926",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0926"
            },
            {
              "name": "HPSBMU02752",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
            },
            {
              "name": "44127",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44127"
            },
            {
              "name": "MDVSA-2011:073",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
            },
            {
              "name": "SSRT100802",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
            },
            {
              "name": "ADV-2011-0909",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0909"
            },
            {
              "name": "oval:org.mitre.oval:def:12812",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
            },
            {
              "name": "71493",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/71493"
            },
            {
              "name": "44090",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44090"
            },
            {
              "name": "44048",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44048"
            },
            {
              "name": "FEDORA-2011-4934",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
            },
            {
              "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997",
              "refsource": "CONFIRM",
              "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
            },
            {
              "name": "iscdhcp-dhclient-command-execution(66580)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
            },
            {
              "name": "ADV-2011-0879",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0879"
            },
            {
              "name": "VU#107886",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/107886"
            },
            {
              "name": "1025300",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025300"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "SSA:2011-097-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
            },
            {
              "name": "ADV-2011-1000",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1000"
            },
            {
              "name": "ADV-2011-0915",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0915"
            },
            {
              "name": "ADV-2011-0965",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0965"
            },
            {
              "name": "37623",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37623/"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "44180",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44180"
            },
            {
              "name": "DSA-2217",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2217"
            },
            {
              "name": "USN-1108-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1108-1"
            },
            {
              "name": "DSA-2216",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2216"
            },
            {
              "name": "FEDORA-2011-4897",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
            },
            {
              "name": "RHSA-2011:0428",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
            },
            {
              "name": "44089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44089"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0997",
    "datePublished": "2011-04-08T15:00:00.000Z",
    "dateReserved": "2011-02-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:14:27.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-637

Vulnerability from certfr_avis - Published: 2011-11-14 - Updated: 2011-11-14

Une vulnérabilité dans Time Capsule et AirPort Base Station (802.11n) pourrait permettre à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

La vulnérabilité se trouve dans dhclient. Une personne malintentionnée pourrait envoyer des réponses DHCP malveillantes contenant des méta-caractères du shell dans le hostname et ainsi exécuter des commandes arbitraires à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Time Capsule.
Apple	N/A	AirPort Extreme Base Station (802.11n) ;
Apple	N/A	AirPort Express Base Station (802.11n) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5005 du 11 novembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Time Capsule.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "AirPort Extreme Base Station (802.11n) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "AirPort Express Base Station (802.11n) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLa vuln\u00e9rabilit\u00e9 se trouve dans dhclient. Une personne malintentionn\u00e9e\npourrait envoyer des r\u00e9ponses DHCP malveillantes contenant des\nm\u00e9ta-caract\u00e8res du shell dans le hostname et ainsi ex\u00e9cuter des\ncommandes arbitraires \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    }
  ],
  "initial_release_date": "2011-11-14T00:00:00",
  "last_revision_date": "2011-11-14T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-637",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eTime Capsule\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eAirPort Base Station\u003c/span\u003e (802.11n) pourrait permettre\n\u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Apple \u003cSPAN class=\"textit\"\u003eTime Capsule\u003c/SPAN\u003e et \u003cSPAN class=\"textit\"\u003eAirPort Base Station\u003c/SPAN\u003e",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5005 du 11 novembre 2011",
      "url": "http://support.apple.com/kb/HT5005"
    }
  ]
}

CERTA-2011-AVI-423

Vulnerability from certfr_avis - Published: 2011-08-01 - Updated: 2011-08-01

De multiples vulnérabilités affectant différents logiciels inclus dans VMware ESX Console OS (COS) ont été corrigées.

Description

Plusieurs logiciels vulnérables inclus dans VMware ESX Console OS ont été mis à jour par l'éditeur :

DHCP est mis à jour pour corriger une vulnérabilité permettant à un utilisateur malveillant distant de provoquer un déni de service et d'exécuter du code arbitraire (CVE-2011-0997) ;
glibc est mise à jour pour corriger de multiples vulnérabilités exploitables localement (CVE 2010-0296, CVE-2011-0536, CVE-2011-997 et CVE-2011-1071).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware fourni pour l'instant des correctifs pour la version 4.1 d'ESX. Les correctifs pour les versions 4.0 et 3.5 ont été annoncés.

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ESX 3.0.x ;
VMware	N/A	VMware ESX 4.1.x.
VMware	N/A	VMware ESX 3.5.x ;
VMware	N/A	VMware ESX 4.0.x ;

References

Title

Publication Time

Tags

Avis de sécurité VMware VMSA-2011-0010 du 28 juillet 2011	None	vendor-advisory
Avis CERTA CERTA-2011-AVI-193 :	-	other
Avis CERTA CERTA-2011-AVI-190 :	-	other
Bulletin de sécurité VMware VMSA-2011-0010 du 28 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX 3.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.1.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs logiciels vuln\u00e9rables inclus dans VMware ESX Console OS ont\n\u00e9t\u00e9 mis \u00e0 jour par l\u0027\u00e9diteur :\n\n-   DHCP est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    utilisateur malveillant distant de provoquer un d\u00e9ni de service et\n    d\u0027ex\u00e9cuter du code arbitraire (CVE-2011-0997) ;\n-   glibc est mise \u00e0 jour pour corriger de multiples vuln\u00e9rabilit\u00e9s\n    exploitables localement (CVE 2010-0296, CVE-2011-0536, CVE-2011-997\n    et CVE-2011-1071).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nVMware fourni pour l\u0027instant des correctifs pour la version 4.1 d\u0027ESX.\nLes correctifs pour les versions 4.0 et 3.5 ont \u00e9t\u00e9 annonc\u00e9s.\n",
  "cves": [
    {
      "name": "CVE-2010-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
    },
    {
      "name": "CVE-2011-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0536"
    },
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2011-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
    }
  ],
  "initial_release_date": "2011-08-01T00:00:00",
  "last_revision_date": "2011-08-01T00:00:00",
  "links": [
    {
      "title": "Avis CERTA CERTA-2011-AVI-193 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-193/"
    },
    {
      "title": "Avis CERTA CERTA-2011-AVI-190 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-190/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0010 du 28 juillet    2011 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0010.html"
    }
  ],
  "reference": "CERTA-2011-AVI-423",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant diff\u00e9rents logiciels inclus dans\nVMware ESX Console OS \u003cspan class=\"textit\"\u003e(COS)\u003c/span\u003e ont \u00e9t\u00e9\ncorrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 VMware VMSA-2011-0010 du 28 juillet 2011",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-344

Vulnerability from certfr_avis - Published: 2016-10-13 - Updated: 2016-10-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Junos OS avec J-Web activé versions antérieures à 12.1X44-D60, 12.1X46-D40, 12.1X47-D30, 12.3R11, 12.3X48-D20, 13.2X51-D39, 13.2X51-D40, 13.3R9, 14.1R6, 14.2R6, 15.1R3, 15.1X49-D20 et 16.1R1
Juniper Networks	Junos OS	Junos OS avec IPv6 versions antérieures à 11.4R13, 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, 12.3R9 et 13.3R5
Juniper Networks	N/A	vMX versions antérieures à 14.1R8, 15.1F6 et 16.1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.1X46-D60, 12.1X47-D45, 12.3R12, 12.3X48-D35, 13.2R9, 13.3R9, 14.1R7, 14.1X53-D40, 14.1X55-D35, 14.2R5, 15.1F4, 15.1R3, 15.1X49-D60, 15.1X53-D70, 16.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10763 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10764 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10766 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10762 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10761 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10760 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10767 du 13 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 12.1X44-D60, 12.1X46-D40, 12.1X47-D30, 12.3R11, 12.3X48-D20, 13.2X51-D39, 13.2X51-D40, 13.3R9, 14.1R6, 14.2R6, 15.1R3, 15.1X49-D20 et 16.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec IPv6 versions ant\u00e9rieures \u00e0 11.4R13, 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, 12.3R9 et 13.3R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "vMX versions ant\u00e9rieures \u00e0 14.1R8, 15.1F6 et 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D60, 12.1X47-D45, 12.3R12, 12.3X48-D35, 13.2R9, 13.3R9, 14.1R7, 14.1X53-D40, 14.1X55-D35, 14.2R5, 15.1F4, 15.1R3, 15.1X49-D60, 15.1X53-D70, 16.1R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4926"
    },
    {
      "name": "CVE-2013-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
    },
    {
      "name": "CVE-2013-5606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5606"
    },
    {
      "name": "CVE-2011-2749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2749"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-4925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4925"
    },
    {
      "name": "CVE-2016-4931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4931"
    },
    {
      "name": "CVE-2013-1739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1739"
    },
    {
      "name": "CVE-2013-5605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5605"
    },
    {
      "name": "CVE-2016-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4921"
    },
    {
      "name": "CVE-2013-5607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5607"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2015-3194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
    },
    {
      "name": "CVE-2016-4927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4927"
    },
    {
      "name": "CVE-2014-1491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1491"
    },
    {
      "name": "CVE-2014-1492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1492"
    },
    {
      "name": "CVE-2016-4928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4928"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2016-4922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4922"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2011-2748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2748"
    },
    {
      "name": "CVE-2015-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
    },
    {
      "name": "CVE-2015-5366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5366"
    },
    {
      "name": "CVE-2014-1490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1490"
    },
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    },
    {
      "name": "CVE-2016-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4924"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2013-2596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2596"
    },
    {
      "name": "CVE-2012-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3571"
    },
    {
      "name": "CVE-2015-3196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
    },
    {
      "name": "CVE-2016-4929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4929"
    },
    {
      "name": "CVE-2016-4930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4930"
    },
    {
      "name": "CVE-2015-2151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2151"
    },
    {
      "name": "CVE-2014-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1545"
    },
    {
      "name": "CVE-2016-4923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4923"
    }
  ],
  "initial_release_date": "2016-10-13T00:00:00",
  "last_revision_date": "2016-10-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-344",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10763 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10763\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10764 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10764\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10766 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10766\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10762 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10762\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10761 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10760 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10760\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10767 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10767\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2011-AVI-638

Vulnerability from certfr_avis - Published: 2011-11-15 - Updated: 2011-11-15

Un défaut de configuration dans les produits cités plus haut pourrait permettre à une personne malveillante de prendre le contrôle total du système à distance.

Description

Les dispositifs Tanberg possèdent leur compte administrateur (root) activé par défaut, sans mot de passe, ce qui était initialement prévu pour des tâches de déboguage mais non nécessaire lors des opérations normales.

Certains dispositifs Cisco TelePresence ont été distribués avec une configuration non sécurisée. La vulnérabilité est due à un échec de restauration de la configuration par défaut après avoir fait des tests et configuré des options. Ces dispositifs pourraient avoir leur compte administrateur (root) activé et configuré avec un mot de passe connu.

Une personne malveillante pourrait prendre le contrôle total d'un de ces systèmes à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco TelePresence System Integrator C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;
Cisco	N/A	Cisco TelePresence Quick Set avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;
Cisco	N/A	Tandberg E, EX et C Series Endpoints avec les versions logicielles antérieures à TC4.0.
Cisco	N/A	Cisco TelePresence Ex C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20110202-tandberg	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20111109-telepresence-c-ex-series	None	vendor-advisory
Bulletin de sécurité Cisco 20111109-telepresence-c-ex-series du 09 novembre 2011 :	-	other
Bulletin de sécurité Cisco 20110202 du 2 février 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco TelePresence System Integrator C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Quick Set avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Tandberg E, EX et C Series Endpoints avec les versions logicielles ant\u00e9rieures \u00e0 TC4.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Ex C Series avec les versions logicielles TC4.0, TC4.1 ou TC4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes dispositifs Tanberg poss\u00e8dent leur compte administrateur (root)\nactiv\u00e9 par d\u00e9faut, sans mot de passe, ce qui \u00e9tait initialement pr\u00e9vu\npour des t\u00e2ches de d\u00e9boguage mais non n\u00e9cessaire lors des op\u00e9rations\nnormales.\n\nCertains dispositifs Cisco TelePresence ont \u00e9t\u00e9 distribu\u00e9s avec une\nconfiguration non s\u00e9curis\u00e9e. La vuln\u00e9rabilit\u00e9 est due \u00e0 un \u00e9chec de\nrestauration de la configuration par d\u00e9faut apr\u00e8s avoir fait des tests\net configur\u00e9 des options. Ces dispositifs pourraient avoir leur compte\nadministrateur (root) activ\u00e9 et configur\u00e9 avec un mot de passe connu.\n\nUne personne malveillante pourrait prendre le contr\u00f4le total d\u0027un de ces\nsyst\u00e8mes \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    },
    {
      "name": "CVE-2011-0354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0354"
    }
  ],
  "initial_release_date": "2011-11-15T00:00:00",
  "last_revision_date": "2011-11-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco    20111109-telepresence-c-ex-series du 09 novembre 2011 :",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111109-telepresence-c-ex-series"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110202 du 2 f\u00e9vrier 2011 :",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110202-tandberg"
    }
  ],
  "reference": "CERTA-2011-AVI-638",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Un d\u00e9faut de configuration dans les produits cit\u00e9s plus haut pourrait\npermettre \u00e0 une personne malveillante de prendre le contr\u00f4le total du\nsyst\u00e8me \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans des produits Cisco TelePresence et Tandberg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20110202-tandberg",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20111109-telepresence-c-ex-series",
      "url": null
    }
  ]
}

CERTA-2011-AVI-190

Vulnerability from certfr_avis - Published: 2011-04-06 - Updated: 2011-04-27

Une vulnérabilité dans le logiciel libre DHCP développé par l'Internet System Consortium permet à un attaquant d'exécuter du code arbitraire à distance.

Description

Le logiciel libre DHCP développé par l'Internet System Consortium ne verifie pas la présence de certains caractères dans les réponses DHCP avant de les transmettre à un script. Il est donc possible, selon le script et le système d'exploitation cible, d'exécuter des commandes avec une réponse DHCP spécialement conçue.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ISC	N/A	DHCP versions 4.2.x antérieures à 4.2.1-P1 ;
ISC	N/A	DHCP versions 4.1.x antérieures à 4.1.ESV-R2 ;
ISC	N/A	DHCP versions 3.1.x antérieures à 3.1.ESV-R1.

References

Title

Publication Time

Tags

Bulletin de l'ISC CVE-2011-0997 du 05 avril 2011	None	vendor-advisory
Bulletin de sécurité NetBSD NetBSD-SA2011-005 du 26 avril 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-4897 du 06 avril 2011 :	-	other
Bulletins de sécurité Debian DSA-2216 et 2217 du 10 avril 2011 :	-	other
Bulletin de sécurité Red Hat du 05 avril 2011 :	-	other
Bulletin de sécurité Mandriva MDVSA-2011:073 du 11 avril 2011 :	-	other
Bulletin de sécurité Ubuntu USN-1108-1 du 11 avril 2011 :	-	other
Bulletin de sécurité Novell :	-	other
Bulletins de sécurité Debian DSA-2216 et 2217 du 10 avril 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-4935 du 07 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "DHCP versions 4.2.x ant\u00e9rieures \u00e0 4.2.1-P1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "DHCP versions 4.1.x ant\u00e9rieures \u00e0 4.1.ESV-R2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "DHCP versions 3.1.x ant\u00e9rieures \u00e0 3.1.ESV-R1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe logiciel libre DHCP d\u00e9velopp\u00e9 par l\u0027Internet System Consortium ne\nverifie pas la pr\u00e9sence de certains caract\u00e8res dans les r\u00e9ponses DHCP\navant de les transmettre \u00e0 un script. Il est donc possible, selon le\nscript et le syst\u00e8me d\u0027exploitation cible, d\u0027ex\u00e9cuter des commandes avec\nune r\u00e9ponse DHCP sp\u00e9cialement con\u00e7ue.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    }
  ],
  "initial_release_date": "2011-04-06T00:00:00",
  "last_revision_date": "2011-04-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 NetBSD NetBSD-SA2011-005 du 26 avril    2011 :",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-005.txt.asc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-4897 du 06 avril    2011 :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Debian DSA-2216 et 2217 du 10 avril    2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2216"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat du 05 avril 2011 :",
      "url": "https://www.redhat.com/security/data/cve/CVE-2011-0997.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2011:073 du 11 avril    2011 :",
      "url": "http://www.mandriva.com/fr/support/security/advisories?name=MDVSA-2011:073"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1108-1 du 11 avril 2011 :",
      "url": "http://www.ubuntu.com/usn/USN-1108-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Novell :",
      "url": "http://support.novell.com/security/cve/CVE-2011-0997.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Debian DSA-2216 et 2217 du 10 avril    2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2217"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-4935 du 07 avril    2011 :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
    }
  ],
  "reference": "CERTA-2011-AVI-190",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-06T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 Red Hat et Novell.",
      "revision_date": "2011-04-11T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 Debian, Fedora, Mandriva, NetBSD et Ubuntu.",
      "revision_date": "2011-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le logiciel libre DHCP d\u00e9velopp\u00e9 par l\u0027Internet\nSystem Consortium permet \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le client DHCP ISC",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de l\u0027ISC CVE-2011-0997 du 05 avril 2011",
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
    }
  ]
}

GHSA-HHCJ-97JG-V79C

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2025-04-11 03:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-08T15:17:00Z",
    "severity": "HIGH"
  },
  "details": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.",
  "id": "GHSA-hhcj-97jg-v79c",
  "modified": "2025-04-11T03:45:48Z",
  "published": "2022-05-13T01:27:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0997"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37623"
    },
    {
      "type": "WEB",
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44037"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44048"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44089"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44090"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44103"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44127"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44180"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025300"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2216"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2217"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/107886"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/71493"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47176"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1108-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0879"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0886"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0909"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0915"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0926"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0965"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/1000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-0997

Vulnerability from fkie_nvd - Published: 2011-04-08 15:17 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761	Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html	Mailing List, Third Party Advisory
cve@mitre.org	http://marc.info/?l=bugtraq&m=133226187115472&w=2	Mailing List, Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/44037	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/44048	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/44089	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/44090	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/44103	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/44127	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/44180	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201301-06.xml	Third Party Advisory
cve@mitre.org	http://securitytracker.com/id?1025300	Third Party Advisory, VDB Entry
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2011/dsa-2216	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2011/dsa-2217	Third Party Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/107886	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:073	Third Party Advisory
cve@mitre.org	http://www.osvdb.org/71493	Broken Link
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-0428.html	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-0840.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/47176	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/USN-1108-1	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0879	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0886	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0909	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0915	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0926	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0965	Permissions Required
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1000	Permissions Required
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=689832	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/66580	Third Party Advisory, VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/37623/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.isc.org/software/dhcp/advisories/cve-2011-0997	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133226187115472&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44037	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44048	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44089	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44090	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44103	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44127	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44180	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201301-06.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025300	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2216	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2217	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/107886	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:073	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/71493	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0428.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0840.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47176	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1108-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0879	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0886	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0909	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0915	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0926	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0965	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1000	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=689832	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66580	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/37623/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.isc.org/software/dhcp/advisories/cve-2011-0997	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
isc	dhcp	3.0
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.1
isc	dhcp	3.0.2
isc	dhcp	3.0.2
isc	dhcp	3.0.2
isc	dhcp	3.0.2
isc	dhcp	3.0.2
isc	dhcp	3.0.3
isc	dhcp	3.0.3
isc	dhcp	3.0.3
isc	dhcp	3.0.3
isc	dhcp	3.0.4
isc	dhcp	3.0.4
isc	dhcp	3.0.4
isc	dhcp	3.0.4
isc	dhcp	3.0.4
isc	dhcp	3.0.5
isc	dhcp	3.0.5
isc	dhcp	3.0.6
isc	dhcp	3.1-esv
isc	dhcp	3.1.0
isc	dhcp	3.1.0
isc	dhcp	3.1.0
isc	dhcp	3.1.0
isc	dhcp	3.1.0
isc	dhcp	3.1.0
isc	dhcp	3.1.0
isc	dhcp	3.1.1
isc	dhcp	3.1.1
isc	dhcp	3.1.2
isc	dhcp	3.1.2
isc	dhcp	3.1.2
isc	dhcp	3.1.3
isc	dhcp	3.1.3
isc	dhcp	3.1.3
isc	dhcp	4.1-esv
isc	dhcp	4.1-esv
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.0
isc	dhcp	4.2.1
isc	dhcp	4.2.1
isc	dhcp	4.2.1
debian	debian_linux	5.0
debian	debian_linux	6.0
debian	debian_linux	7.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "648BBC1F-1792-443F-B625-67A05004EB7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "EA086AC5-9ADF-4EF9-9534-B1C78CD7A56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E94449B-6FB0-4E4D-9D92-144A1C474761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
              "matchCriteriaId": "6824B249-D222-4F29-8C29-E92071F12621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
              "matchCriteriaId": "2F7A3F32-C297-4331-9B8D-1CF8F3D32315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
              "matchCriteriaId": "B4959ABA-9F2E-4003-9566-DBE3177AE233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
              "matchCriteriaId": "0CE2A3CA-EFB6-4547-BED8-CAC39156F10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
              "matchCriteriaId": "5DE205EE-F708-4E4A-A861-EBF6D3C062F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BD8EBBF0-A61B-4FF0-B055-9BA2A21617A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "B3141202-993D-4E80-9EAD-ACA6C1343D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "6E0768D1-37D3-4C17-A3A9-94EA237392AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "F167B922-DD9E-4DD1-BB8F-B232711BACCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "4E23602E-FFA1-49E2-BF4C-BC5D074517B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "8DA200FE-D261-4532-AC63-1208611AFE46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "46030C9F-C817-4ACA-A89D-8CCD4DE97B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "0A3649A4-BA40-4D8A-AB7C-AE1584459DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9ADC8A14-E847-4CC5-8FA5-522883DE324F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CAA0C26C-9B0A-4ACB-9BD7-413F94948545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "2DC6FA47-1F41-465D-8EAD-8116643ADAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "87CBA8DD-650D-4A67-924C-B108CEE74BB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
              "matchCriteriaId": "5D71C1AA-E5F7-454B-9267-FE23E1C2AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
              "matchCriteriaId": "6D521DF6-AED8-40FA-B183-D469100B8B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
              "matchCriteriaId": "BD90F626-AC37-491A-A59D-11307D73E27A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "F59B80F0-2FD5-461B-91C7-966BAFB5AB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
              "matchCriteriaId": "34D8DF2C-387B-4880-9832-15583272E151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
              "matchCriteriaId": "FD78CE26-475D-4D8B-8625-CAE850F6E876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
              "matchCriteriaId": "9338F9AA-41F0-470E-BB49-C1A395376DF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6297233D-6C25-4A10-8F0A-79A8452ABAD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "0AC6F4D8-DD42-49F6-994C-75EFA888FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B9D5A562-AEB5-41D8-9137-65B3100B1F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5AD8F74D-3F4B-4E25-92C9-D20C63B4B77E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7928AD6-4E2D-414D-A7E2-6DFB559CA1CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CD9AE49C-C152-4D0D-AB08-938F54631909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "7528512B-66EC-4B2C-9158-34199C4A5FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "106F8860-B068-4B68-8734-206BFD401C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "240D0880-DC35-41A6-B4F2-F9B73DF4AF59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6643B661-0253-4036-88D7-AF70B610B627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "EFD04E6D-B418-4BCB-A3A1-CDFDEC271497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7CA10784-1F4A-459B-8FFE-47E9993A63AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1CF53110-2163-4474-81AC-846E8D502EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "60FEE70E-514D-4481-A9AE-89FBF9E90AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "B571E882-C976-4156-BE03-96E52EA7463C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "F7A01E62-5C0B-4CB7-B1A3-A60269D901E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D25667FF-3EDC-4238-ADF5-25EFA4D88EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "B954F84E-1046-4A9F-AF86-7E62FDE88C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
              "matchCriteriaId": "D60C4CBE-C104-4A12-B7DD-AFBB2C1C21AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E4033956-E928-42F7-97E9-A2357CEACEE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
              "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3120B566-2BB6-4A1F-9ED7-E099E2870919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "150D46FA-873E-4E4F-8192-BCA1076994D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "56113AB6-8295-4EB7-A003-79049FBB8B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "362DA97E-B940-4649-803F-26D8C1D16DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "950A6BA0-C348-4B89-8C18-F2AFA467649F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "9088D042-F104-4F31-AEBB-75F5A0F03AE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F159908A-00E7-4EC8-8342-28182F547C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1C49DF07-9612-43C7-9771-B76487B4A9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "5C6D8D55-DCD2-4E70-B3C6-76F2134DA336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "C0F06FC0-6477-4589-B9CB-24B1F893EF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6CCA07EB-B0CB-40EE-B62E-DB4C408717B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
    },
    {
      "lang": "es",
      "value": "dhclient en ISC DHCP 3.0.x hasta la versi\u00f3n 4.2.x en versiones anteriores a 4.2.1-P1, 3.1-ESV en versiones anteriores a 3.1-ESV-R1 y 4.1-ESV en versiones anteriores a 4.1-ESV-R2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en un nombre de anfitri\u00f3n obtenido de un mensaje DHCP, como es demostrado por un nombre de anfitri\u00f3n dado por dhclient-script."
    }
  ],
  "id": "CVE-2011-0997",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-08T15:17:27.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44037"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44048"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44089"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44090"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44127"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44180"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1025300"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/107886"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/71493"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/47176"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1108-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0879"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0886"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0909"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0926"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0965"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1000"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37623/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/44180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1025300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2011/dsa-2217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/107886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/71493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/47176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1108-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/1000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37623/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-0997

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0997

Aliases

CVE-2011-0997

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0997",
    "description": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.",
    "id": "GSD-2011-0997",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-0997.html",
      "https://www.debian.org/security/2011/dsa-2217",
      "https://www.debian.org/security/2011/dsa-2216",
      "https://access.redhat.com/errata/RHSA-2011:0840",
      "https://access.redhat.com/errata/RHSA-2011:0428",
      "https://linux.oracle.com/cve/CVE-2011-0997.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0997"
      ],
      "details": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.",
      "id": "GSD-2011-0997",
      "modified": "2023-12-13T01:19:04.556751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-0997",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "47176",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/47176"
          },
          {
            "name": "ADV-2011-0886",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0886"
          },
          {
            "name": "44103",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44103"
          },
          {
            "name": "RHSA-2011:0840",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
          },
          {
            "name": "44037",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44037"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=689832",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
          },
          {
            "name": "ADV-2011-0926",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0926"
          },
          {
            "name": "HPSBMU02752",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "name": "44127",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44127"
          },
          {
            "name": "MDVSA-2011:073",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
          },
          {
            "name": "SSRT100802",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
          },
          {
            "name": "ADV-2011-0909",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0909"
          },
          {
            "name": "oval:org.mitre.oval:def:12812",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
          },
          {
            "name": "71493",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/71493"
          },
          {
            "name": "44090",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44090"
          },
          {
            "name": "44048",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44048"
          },
          {
            "name": "FEDORA-2011-4934",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
          },
          {
            "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997",
            "refsource": "CONFIRM",
            "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
          },
          {
            "name": "iscdhcp-dhclient-command-execution(66580)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
          },
          {
            "name": "ADV-2011-0879",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0879"
          },
          {
            "name": "VU#107886",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/107886"
          },
          {
            "name": "1025300",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1025300"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "SSA:2011-097-01",
            "refsource": "SLACKWARE",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
          },
          {
            "name": "ADV-2011-1000",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/1000"
          },
          {
            "name": "ADV-2011-0915",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0915"
          },
          {
            "name": "ADV-2011-0965",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0965"
          },
          {
            "name": "37623",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/37623/"
          },
          {
            "name": "GLSA-201301-06",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
          },
          {
            "name": "44180",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44180"
          },
          {
            "name": "DSA-2217",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2217"
          },
          {
            "name": "USN-1108-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1108-1"
          },
          {
            "name": "DSA-2216",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2216"
          },
          {
            "name": "FEDORA-2011-4897",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
          },
          {
            "name": "RHSA-2011:0428",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
          },
          {
            "name": "44089",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44089"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0997"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44037",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/44037"
            },
            {
              "name": "71493",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/71493"
            },
            {
              "name": "ADV-2011-0879",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0879"
            },
            {
              "name": "1025300",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1025300"
            },
            {
              "name": "47176",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/47176"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=689832",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=689832"
            },
            {
              "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-0997"
            },
            {
              "name": "VU#107886",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/107886"
            },
            {
              "name": "44048",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/44048"
            },
            {
              "name": "44127",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/44127"
            },
            {
              "name": "FEDORA-2011-4897",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html"
            },
            {
              "name": "44089",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/44089"
            },
            {
              "name": "RHSA-2011:0428",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0428.html"
            },
            {
              "name": "ADV-2011-0915",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0915"
            },
            {
              "name": "44103",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/44103"
            },
            {
              "name": "DSA-2217",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2217"
            },
            {
              "name": "MDVSA-2011:073",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:073"
            },
            {
              "name": "ADV-2011-0965",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0965"
            },
            {
              "name": "44090",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/44090"
            },
            {
              "name": "FEDORA-2011-4934",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html"
            },
            {
              "name": "44180",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/44180"
            },
            {
              "name": "ADV-2011-0926",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0926"
            },
            {
              "name": "SSA:2011-097-01",
              "refsource": "SLACKWARE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593345"
            },
            {
              "name": "DSA-2216",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2216"
            },
            {
              "name": "ADV-2011-0886",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0886"
            },
            {
              "name": "ADV-2011-0909",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0909"
            },
            {
              "name": "USN-1108-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1108-1"
            },
            {
              "name": "ADV-2011-1000",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1000"
            },
            {
              "name": "RHSA-2011:0840",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0840.html"
            },
            {
              "name": "HPSBMU02752",
              "refsource": "HP",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=133226187115472\u0026w=2"
            },
            {
              "name": "GLSA-201301-06",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "iscdhcp-dhclient-command-execution(66580)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66580"
            },
            {
              "name": "37623",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/37623/"
            },
            {
              "name": "oval:org.mitre.oval:def:12812",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-04-01T13:07Z",
      "publishedDate": "2011-04-08T15:17Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0997 (GCVE-0-2011-0997)

Description

Solution

Description

Solution

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature