CVE-2011-0997

Published: 08 April 2011

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Priority

Medium

Status

Package Release Status
dhcp3
Launchpad, Ubuntu, Debian 		Upstream
Released (3.1-ESV-R1)
isc-dhcp
Launchpad, Ubuntu, Debian 		Upstream
Released (4.2.1-P1)

Notes

AuthorNote
mdeslaur 
a couple of fixes post isc release are included in redhat's bug
patches are from Marius Tomaschewski

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading