CVE-2011-0997

Publication date 8 April 2011

Last updated 24 July 2024

Ubuntu priority

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
dhcp3	10.10 maverick	Fixed 3.1.3-2ubuntu6.1
	10.04 LTS lucid	Fixed 3.1.3-2ubuntu3.1
	9.10 karmic	Fixed 3.1.2-1ubuntu7.2
	8.04 LTS hardy	Fixed 3.0.6.dfsg-1ubuntu9.2
	6.06 LTS dapper	Fixed 3.0.3-6ubuntu7.2
isc-dhcp	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

Notes

mdeslaur

a couple of fixes post isc release are included in redhat’s bug patches are from Marius Tomaschewski

CVE-2011-0997

Status

Notes

mdeslaur

References

Related Ubuntu Security Notices (USN)

Other references