CVE-2011-1930

Severity

98%

Complexity

39%

Confidentiality

98%

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Debian Linux

First reported 5 years ago

2019-11-14 03:15:00

Last updated 5 years ago

2019-11-19 21:46:00

Affected Software

Debian Linux 8.0 (Jessie)

8.0

Debian Linux 9.0

9.0

Debian Linux 10

10

References

http://security.gentoo.org/glsa/glsa-201309-21.xml

Third Party Advisory

http://www.openwall.com/lists/oss-security/2012/05/22/12

Mailing List, Third Party Advisory

http://www.securityfocus.com/bid/47924

Third Party Advisory, VDB Entry

https://access.redhat.com/security/cve/cve-2011-1930

Not Applicable, Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-1930

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.