Your submission was sent successfully! Close

CVE-2011-1930

Published: 14 November 2019

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
klibc
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Ignored
(reached end-of-life)
maverick Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Not vulnerable
(1.5.22-1ubuntu2)
precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

trusty Not vulnerable

upstream
Released (1.5.22-1)
utopic Not vulnerable

vivid Not vulnerable