Unrated severity · NVD Advisory · Published Apr 8, 2011 · Updated Apr 29, 2026
CVE-2011-0997
Description
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Affected products (67)
- cpe:2.3:a:isc:dhcp:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc10:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc11:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc12:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc13:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc14:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc8:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.1:rc9:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.2:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.3:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.5:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.0.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1-esv:*:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.2:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.3:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:3.1.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.1-esv:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:-:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:dhcp:4.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
References (35)
- bugzilla.redhat.com/show_bug.cgi [nvd] Issue Tracking, Patch, Third Party Advisory
- www.isc.org/software/dhcp/advisories/cve-2011-0997 [nvd] Patch, Vendor Advisory
- kb.juniper.net/InfoCenter/index [nvd] Third Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html [nvd] Mailing List, Third Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html [nvd] Mailing List, Third Party Advisory
- marc.info [nvd] Mailing List, Third Party Advisory
- secunia.com/advisories/44037 [nvd] Third Party Advisory
- secunia.com/advisories/44048 [nvd] Third Party Advisory
- secunia.com/advisories/44089 [nvd] Third Party Advisory
- secunia.com/advisories/44090 [nvd] Third Party Advisory
- secunia.com/advisories/44103 [nvd] Third Party Advisory
- secunia.com/advisories/44127 [nvd] Third Party Advisory
- secunia.com/advisories/44180 [nvd] Third Party Advisory
- security.gentoo.org/glsa/glsa-201301-06.xml [nvd] Third Party Advisory
- securitytracker.com/id [nvd] Third Party Advisory, VDB Entry
- slackware.com/security/viewer.php [nvd] Third Party Advisory
- www.debian.org/security/2011/dsa-2216 [nvd] Third Party Advisory
- www.debian.org/security/2011/dsa-2217 [nvd] Third Party Advisory
- www.kb.cert.org/vuls/id/107886 [nvd] Third Party Advisory, US Government Resource
- www.mandriva.com/security/advisories [nvd] Third Party Advisory
- www.redhat.com/support/errata/RHSA-2011-0428.html [nvd] Third Party Advisory
- www.redhat.com/support/errata/RHSA-2011-0840.html [nvd] Third Party Advisory
- www.securityfocus.com/bid/47176 [nvd] Third Party Advisory, VDB Entry
- www.ubuntu.com/usn/USN-1108-1 [nvd] Third Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/66580 [nvd] Third Party Advisory, VDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812 [nvd] Third Party Advisory
- www.exploit-db.com/exploits/37623/ [nvd] Third Party Advisory, VDB Entry
- www.osvdb.org/71493 [nvd] Broken Link
- www.vupen.com/english/advisories/2011/0879 [nvd] Permissions Required
- www.vupen.com/english/advisories/2011/0886 [nvd] Permissions Required
- www.vupen.com/english/advisories/2011/0909 [nvd] Permissions Required
- www.vupen.com/english/advisories/2011/0915 [nvd] Permissions Required
- www.vupen.com/english/advisories/2011/0926 [nvd] Permissions Required
- www.vupen.com/english/advisories/2011/0965 [nvd] Permissions Required
- www.vupen.com/english/advisories/2011/1000 [nvd] Permissions Required