CVE-2011-1930

EUVD-2011-1928
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
klibc_projectklibc
𝑥
< 1.5.25
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
klibc
bookworm
2.0.12-1
fixed
bullseye
2.0.8-6.1
fixed
sid
2.0.13-4
fixed
trixie
2.0.13-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
klibc
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
trusty
not-affected
utopic
not-affected
vivid
not-affected
References
http://security.gentoo.org/glsa/glsa-201309-21.xml
http://www.openwall.com/lists/oss-security/2012/05/22/12
http://www.securityfocus.com/bid/47924
https://access.redhat.com/security/cve/cve-2011-1930
https://security-tracker.debian.org/tracker/CVE-2011-1930
http://security.gentoo.org/glsa/glsa-201309-21.xml
http://www.openwall.com/lists/oss-security/2012/05/22/12
http://www.securityfocus.com/bid/47924
https://access.redhat.com/security/cve/cve-2011-1930
https://security-tracker.debian.org/tracker/CVE-2011-1930