Executive Summary
Summary | |
---|---|
Title | dhcp security update |
Information | |||
---|---|---|---|
Name | RHSA-2011:0428 | First vendor Publication | 2011-04-08 |
Vendor | RedHat | Last vendor Modification | 2011-04-08 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.

It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-0997)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.

All dhclient users should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

689832 - CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0428.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12032 | |||
Oval ID: | oval:org.mitre.oval:def:12032 | ||
Title: | DSA-2216-1 isc-dhcp -- missing input sanitisation | ||
Description: | Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2216-1 CVE-2011-0997 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | isc-dhcp |
Definition Id: oval:org.mitre.oval:def:12297 | |||
Oval ID: | oval:org.mitre.oval:def:12297 | ||
Title: | DSA-2217-1 dhcp3 -- missing input sanitisation | ||
Description: | Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2217-1 CVE-2011-0997 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | dhcp3 |
Definition Id: oval:org.mitre.oval:def:12812 | |||
Oval ID: | oval:org.mitre.oval:def:12812 | ||
Title: | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0997 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13937 | |||
Oval ID: | oval:org.mitre.oval:def:13937 | ||
Title: | USN-1108-2 -- dhcp3 vulnerability | ||
Description: | dhcp3: DHCP Client Details: USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem. Original advisory An attacker's DHCP server could send crafted responses to your computer and cause it to run programs as root. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1108-2 CVE-2011-0997 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | dhcp3 |
Definition Id: oval:org.mitre.oval:def:20394 | |||
Oval ID: | oval:org.mitre.oval:def:20394 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0997 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:21712 | |||
Oval ID: | oval:org.mitre.oval:def:21712 | ||
Title: | RHSA-2011:0428: dhcp security update (Important) | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0428-01 CVE-2011-0997 CESA-2011:0428-CentOS 5 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | dhcp |
Definition Id: oval:org.mitre.oval:def:23459 | |||
Oval ID: | oval:org.mitre.oval:def:23459 | ||
Title: | ELSA-2011:0428: dhcp security update (Important) | ||
Description: | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0428-01 CVE-2011-0997 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | dhcp |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for dhclient CESA-2011:0428 centos4 x86_64 File : nvt/gb_CESA-2011_0428_dhclient_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for dhclient CESA-2011:0428 centos5 x86_64 File : nvt/gb_CESA-2011_0428_dhclient_centos5_x86_64.nasl |
2011-09-12 | Name : Fedora Update for dhcp FEDORA-2011-10705 File : nvt/gb_fedora_2011_10705_dhcp_fc14.nasl |
2011-08-09 | Name : CentOS Update for dhclient CESA-2011:0428 centos5 i386 File : nvt/gb_CESA-2011_0428_dhclient_centos5_i386.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2216-1 (isc-dhcp) File : nvt/deb_2216_1.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2217-1 (dhcp3) File : nvt/deb_2217_1.nasl |
2011-05-12 | Name : FreeBSD Ports: isc-dhcp31-client File : nvt/freebsd_isc-dhcp31-client0.nasl |
2011-05-10 | Name : Ubuntu Update for dhcp3 USN-1108-2 File : nvt/gb_ubuntu_USN_1108_2.nasl |
2011-04-21 | Name : Fedora Update for dhcp FEDORA-2011-0848 File : nvt/gb_fedora_2011_0848_dhcp_fc13.nasl |
2011-04-19 | Name : Fedora Update for dhcp FEDORA-2011-4897 File : nvt/gb_fedora_2011_4897_dhcp_fc14.nasl |
2011-04-19 | Name : Mandriva Update for dhcp MDVSA-2011:073 (dhcp) File : nvt/gb_mandriva_MDVSA_2011_073.nasl |
2011-04-19 | Name : Ubuntu Update for dhcp3 vulnerability USN-1108-1 File : nvt/gb_ubuntu_USN_1108_1.nasl |
2011-04-11 | Name : CentOS Update for dhclient CESA-2011:0428 centos4 i386 File : nvt/gb_CESA-2011_0428_dhclient_centos4_i386.nasl |
2011-04-11 | Name : RedHat Update for dhcp RHSA-2011:0428-01 File : nvt/gb_RHSA-2011_0428-01_dhcp.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-097-01 dhcp File : nvt/esoft_slk_ssa_2011_097_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71493 | ISC DHCP dhclient Response Handling Metacharacter Shell Command Execution ISC DHCP contains a flaw related to the dhclient-script script failing to properly strip shell meta-characters when processing responses from DHCP servers. This may allow a remote attacker to use a crafted hostname response to execute arbitrary shell commands. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-08-04 | IAVM : 2011-A-0108 - Multiple Vulnerabilities in VMware ESX Service Console Severity : Category I - VMSKEY : V0029562 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-08-31 | ISC DHCP command injection attempt RuleID : 50831 - Revision : 1 - Type : SERVER-OTHER |
2019-08-31 | ISC DHCP command injection attempt RuleID : 50830 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0058.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0010_remote.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13219.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_dhcp-110406.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_dhcpcd-110411.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_dhcp-110406.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0428.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-06.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110408_dhcp_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp6-7465.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-7451.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-7430.nasl - Type : ACT_GATHER_INFO |
2011-11-16 | Name : The remote network device is affected by an arbitrary code execution vulnerab... File : airport_firmware_7_6.nasl - Type : ACT_GATHER_INFO |
2011-09-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-10705.nasl - Type : ACT_GATHER_INFO |
2011-08-01 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0010.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1108-2.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-097-01.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_dhcp-110406.nasl - Type : ACT_GATHER_INFO |
2011-05-04 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12697.nasl - Type : ACT_GATHER_INFO |
2011-04-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp6-7464.nasl - Type : ACT_GATHER_INFO |
2011-04-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0848.nasl - Type : ACT_GATHER_INFO |
2011-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2011-4934.nasl - Type : ACT_GATHER_INFO |
2011-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dhcp-7456.nasl - Type : ACT_GATHER_INFO |
2011-04-13 | Name : The remote Fedora host is missing a security update. File : fedora_2011-4897.nasl - Type : ACT_GATHER_INFO |
2011-04-13 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_dhcpv6-110401.nasl - Type : ACT_GATHER_INFO |
2011-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1108-1.nasl - Type : ACT_GATHER_INFO |
2011-04-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-073.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0428.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7e69f00d632a11e09f3a001d092480a4.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_dhcp-110407.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12699.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12698.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2217.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2216.nasl - Type : ACT_GATHER_INFO |
2011-04-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0428.nasl - Type : ACT_GATHER_INFO |
2011-04-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12696.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:54:35 | |