PublicDateAtUSN: 2011-04-08
Candidate: CVE-2011-0997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
http://www.isc.org/software/dhcp/advisories/cve-2011-0997
https://usn.ubuntu.com/usn/usn-1108-1
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before
3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to
execute arbitrary commands via shell metacharacters in a hostname obtained
from a DHCP message, as demonstrated by a hostname that is provided to
mdeslaur> a couple of fixes post isc release are included in redhat's bug
mdeslaur> patches are from Marius Tomaschewski
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0997
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621099
Discovered-by: Sebastian Krahmer
upstream_dhcp3: released (3.1-ESV-R1)
dapper_dhcp3: released (3.0.3-6ubuntu7.2)
hardy_dhcp3: released (3.0.6.dfsg-1ubuntu9.2)
karmic_dhcp3: released (3.1.2-1ubuntu7.2)
lucid_dhcp3: released (3.1.3-2ubuntu3.1)
maverick_dhcp3: released (3.1.3-2ubuntu6.1)
devel_dhcp3: released (3.1.3-2ubuntu7)
upstream_isc-dhcp: released (4.2.1-P1)
maverick_isc-dhcp: DNE
devel_isc-dhcp: released (4.1.1-P1-15ubuntu7)