ubuntu · CVE-2011-0997

Quick triage

Priority: medium Published: 2011-04-08 00:00:00 UTC Updated: 2025-05-26 12:47:29 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2011-0997 medium priority: Ubuntu including 2 source packages (dhcp3, isc-dhcp), 12 status rows across 6 suites (dapper, hardy, karmic, lucid, maverick, upstream): released 7, DNE 5.

Description:

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

cvelogic Threat Intelligence