CVE-2011-0997 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
isc	dhcp	3.0
isc	dhcp	3.0.1
isc	dhcp	3.0.1:rc1
isc	dhcp	3.0.1:rc10
isc	dhcp	3.0.1:rc11
isc	dhcp	3.0.1:rc12
isc	dhcp	3.0.1:rc13
isc	dhcp	3.0.1:rc14
isc	dhcp	3.0.1:rc2
isc	dhcp	3.0.1:rc5
isc	dhcp	3.0.1:rc6
isc	dhcp	3.0.1:rc7
isc	dhcp	3.0.1:rc8
isc	dhcp	3.0.1:rc9
isc	dhcp	3.0.2
isc	dhcp	3.0.2:b1
isc	dhcp	3.0.2:rc1
isc	dhcp	3.0.2:rc2
isc	dhcp	3.0.2:rc3
isc	dhcp	3.0.3
isc	dhcp	3.0.3:b1
isc	dhcp	3.0.3:b2
isc	dhcp	3.0.3:b3
isc	dhcp	3.0.4
isc	dhcp	3.0.4:b1
isc	dhcp	3.0.4:b2
isc	dhcp	3.0.4:b3
isc	dhcp	3.0.4:rc1
isc	dhcp	3.0.5
isc	dhcp	3.0.5:rc1
isc	dhcp	3.0.6:rc1
isc	dhcp	3.1-esv
isc	dhcp	3.1.0
isc	dhcp	3.1.0:a1
isc	dhcp	3.1.0:a2
isc	dhcp	3.1.0:a3
isc	dhcp	3.1.0:b1
isc	dhcp	3.1.0:b2
isc	dhcp	3.1.0:rc1
isc	dhcp	3.1.1:rc1
isc	dhcp	3.1.1:rc2
isc	dhcp	3.1.2
isc	dhcp	3.1.2:b1
isc	dhcp	3.1.2:rc1
isc	dhcp	3.1.3
isc	dhcp	3.1.3:b1
isc	dhcp	3.1.3:rc1
isc	dhcp	4.1-esv
isc	dhcp	4.1-esv:rc1
isc	dhcp	4.2.0
isc	dhcp	4.2.0:a1
isc	dhcp	4.2.0:a2
isc	dhcp	4.2.0:b1
isc	dhcp	4.2.0:b2
isc	dhcp	4.2.0:p1
isc	dhcp	4.2.0:rc1
isc	dhcp	4.2.1
isc	dhcp	4.2.1:b1
isc	dhcp	4.2.1:rc1
debian	debian_linux	5.0
debian	debian_linux	6.0
debian	debian_linux	7.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

isc-dhcp

bullseye	4.4.1-2.3+deb11u2 fixed
bullseye (security)	4.4.1-2.3+deb11u1 fixed
bookworm	4.4.3-P1-2 fixed
sid	4.4.3-P1-5 fixed
trixie	4.4.3-P1-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

dhcp3

maverick	Fixed 3.1.3-2ubuntu6.1 released
lucid	Fixed 3.1.3-2ubuntu3.1 released
karmic	Fixed 3.1.2-1ubuntu7.2 released
hardy	Fixed 3.0.6.dfsg-1ubuntu9.2 released
dapper	Fixed 3.0.3-6ubuntu7.2 released

isc-dhcp

maverick	dne
lucid	dne
karmic	dne
hardy	dne
dapper	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://secunia.com/advisories/44037

http://secunia.com/advisories/44048

http://secunia.com/advisories/44089

http://secunia.com/advisories/44090

http://secunia.com/advisories/44103

http://secunia.com/advisories/44127

http://secunia.com/advisories/44180

http://security.gentoo.org/glsa/glsa-201301-06.xml

http://securitytracker.com/id?1025300

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345

http://www.debian.org/security/2011/dsa-2216

http://www.debian.org/security/2011/dsa-2217

http://www.kb.cert.org/vuls/id/107886

http://www.mandriva.com/security/advisories?name=MDVSA-2011:073

http://www.osvdb.org/71493

http://www.redhat.com/support/errata/RHSA-2011-0428.html

http://www.redhat.com/support/errata/RHSA-2011-0840.html

http://www.securityfocus.com/bid/47176

http://www.ubuntu.com/usn/USN-1108-1

http://www.vupen.com/english/advisories/2011/0879

http://www.vupen.com/english/advisories/2011/0886

http://www.vupen.com/english/advisories/2011/0909

http://www.vupen.com/english/advisories/2011/0915

http://www.vupen.com/english/advisories/2011/0926

http://www.vupen.com/english/advisories/2011/0965

http://www.vupen.com/english/advisories/2011/1000

https://bugzilla.redhat.com/show_bug.cgi?id=689832

https://exchange.xforce.ibmcloud.com/vulnerabilities/66580

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812

https://www.exploit-db.com/exploits/37623/

https://www.isc.org/software/dhcp/advisories/cve-2011-0997

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057888.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058279.html

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://secunia.com/advisories/44037

http://secunia.com/advisories/44048

http://secunia.com/advisories/44089

http://secunia.com/advisories/44090

http://secunia.com/advisories/44103

http://secunia.com/advisories/44127

http://secunia.com/advisories/44180

http://security.gentoo.org/glsa/glsa-201301-06.xml

http://securitytracker.com/id?1025300

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593345

http://www.debian.org/security/2011/dsa-2216

http://www.debian.org/security/2011/dsa-2217

http://www.kb.cert.org/vuls/id/107886

http://www.mandriva.com/security/advisories?name=MDVSA-2011:073

http://www.osvdb.org/71493

http://www.redhat.com/support/errata/RHSA-2011-0428.html

http://www.redhat.com/support/errata/RHSA-2011-0840.html

http://www.securityfocus.com/bid/47176

http://www.ubuntu.com/usn/USN-1108-1

http://www.vupen.com/english/advisories/2011/0879

http://www.vupen.com/english/advisories/2011/0886

http://www.vupen.com/english/advisories/2011/0909

http://www.vupen.com/english/advisories/2011/0915

http://www.vupen.com/english/advisories/2011/0926

http://www.vupen.com/english/advisories/2011/0965

http://www.vupen.com/english/advisories/2011/1000

https://bugzilla.redhat.com/show_bug.cgi?id=689832

https://exchange.xforce.ibmcloud.com/vulnerabilities/66580

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12812

https://www.exploit-db.com/exploits/37623/

https://www.isc.org/software/dhcp/advisories/cve-2011-0997