DHCP: ISC Network Configuration Script Command Injection
This signature detects attempts to exploit a known vulnerability against ISC DHCP server. It is due to insufficient validation of responses sent by ISC DHCP server. A successful attack can lead to arbitrary command injection on the DHCP client.
Extended Description
The ISC DHCP client 'dhclient' is prone to a remote code-execution vulnerability because it fails to properly escape certain shell meta-characters from DHCP server responses. A remote attacker can exploit this issue through a rogue DHCP server. Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.
Affected Products
Apple airport_express_base_station_with_802.11n,Isc dhcpd,Pardus linux_2009
Short Name
DHCP:SERVER:ISC-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DHCP
Keywords
CVE-2011-0997 Command Configuration ISC Injection Network Script bid:47176
Release Date
06/20/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Suse
Apple
Hp
Citrix
Avaya
Mandriva
Pardus
Slackware
Ubuntu
Isc
Netbsd
Debian
Vmware
CVSS Score
7.5