ISC DHCP dhclient command execution (DHCP_Host_Metachar)

About this signature or vulnerability

IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects the presence of shell meta-characters in the host name returned from the BOOTP server.


Default risk level

High

Sensors that have this signature

IBM Security Server Protection for Windows: 2.1.14.2700, Proventia Network MFS: XPU 31.110, Proventia-G 1.1 and earlier: XPU 31.110, Proventia Network IDS: XPU 31.110, RealSecure Server Sensor: XPU 31.110, RealSecure Network: XPU 31.110, Proventia Desktop: 2700, Proventia Network IPS: XPU 31.110, Proventia Server IPS for Linux technology: 31.110, Virtual Server Protection for VMware: XPU 31.110

Systems affected

RedHat Enterprise Linux: 4 AS, RedHat Enterprise Linux: 4 Desktop, RedHat Enterprise Linux: 4 ES, RedHat Enterprise Linux: 4 WS, VMware ESX Server: 3.0.0, RedHat Enterprise Linux: 5, RedHat Enterprise Linux: 5 Client Workstation, RedHat Enterprise Linux: 5 Client, ISC DHCPd: 3.0, ISC DHCPd: 3.0.1 rc1, ISC DHCPd: 3.0.1 rc10, ISC DHCPd: 3.0.1 rc2, ISC DHCPd: 3.0.1 rc3, ISC DHCPd: 3.0.1 rc4, ISC DHCPd: 3.0.1 rc5, ISC DHCPd: 3.0.1 rc6, ISC DHCPd: 3.0.1 rc7, ISC DHCPd: 3.0.1 rc8, ISC DHCPd: 3.0.1 rc9, Apple AirPort Express, Apple AirPort Extreme, ISC DHCP: 4.1, RedHat Enterprise Linux: 4.8.z ES, RedHat Enterprise Linux: 4.8.z AS, VMware ESX Server: 4.0, Citrix XenServer: 5.5, Apple Time Capsule, ISC DHCP: 4.1.1, ISC DHCP: 4.1.1 B1, ISC DHCP: 4.1.1 B2, ISC DHCP: 4.1.1 B3, ISC DHCP: 4.1.1 rc1, ISC DHCP: 4.0.0, ISC DHCP: 4.0.1 B1, ISC DHCP: 4.0.1 rc1, ISC DHCP: 4.0.1, ISC DHCP: 4.0.2 B1, ISC DHCP: 4.0.2 B2, ISC DHCP: 4.0.2 B3, ISC DHCP: 4.0.2 rc1, ISC DHCP: 4.0.2, Citrix XenServer: 5.0, ISC DHCP: 4.2, RedHat Enterprise Linux: 6 Server, RedHat Enterprise Linux: 6 Workstation, Citrix XenServer: 5.6, RedHat Enterprise Linux Desktop : 6, RedHat Enterprise Linux HPC Node : 6, RedHat Enterprise Linux Server EUS: 6.0.z, RedHat Enterprise Linux EUS : 5.6.z, RedHat Enterprise Linux Long Life : 5.6

Type

Unauthorized Access Attempt

Vulnerability description

ISC DHCP could allow a remote attacker to execute arbitrary commands on the system because dhclient fails to strip specific shell meta-characters when processing DHCP server responses. By sending a specially crafted hostname response, a remote attacker could exploit this vulnerability to inject and execute arbitrary shell commands on the system.
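
A defender-side check of the kind this signature describes, as an added example that is not IBM's signature logic or ISC code: it parses a BOOTP/DHCP server reply and reports shell meta-characters found in the Host Name option (code 12, RFC 2132). The character set in `SHELL_META` and the `build_reply` sample packet are assumptions constructed for illustration; the page does not list the characters the signature matches.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of DHCP options (RFC 2131)
BOOTREPLY = 2                           # op code of a server-to-client message
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255
# Assumed set of shell meta-characters; not taken from the page or the signature.
SHELL_META = set(b";|&`$()<>\\'\"*?[]{}!# \t\r\n")


def parse_options(payload):
    """Return {option code: value bytes} for a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        # A repeated option code is concatenated, as RFC 3396 specifies.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def hostname_metachars(payload):
    """Sorted meta-characters in option 12 of a server reply, or [] if clean."""
    if not payload or payload[0] != BOOTREPLY:
        return []                        # only server responses are inspected
    host = parse_options(payload).get(OPT_HOSTNAME, b"")
    return sorted({chr(b) for b in host if b in SHELL_META})


def build_reply(hostname, op=BOOTREPLY):
    """Constructed sample packet: 236-byte BOOTP header, cookie, options."""
    header = bytes([op, 1, 6, 0]) + bytes(232)
    msg_type_ack = bytes([53, 1, 5])     # option 53 = DHCP message type, 5 = ACK
    host_opt = bytes([OPT_HOSTNAME, len(hostname)]) + hostname
    return header + MAGIC_COOKIE + msg_type_ack + host_opt + bytes([OPT_END])


if __name__ == "__main__":
    for name in (b"lab-host01", b"lab;host`x"):   # constructed sample host names
        print(name, hostname_metachars(build_reply(name)))
```
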

How to remove this vulnerability

Upgrade to the latest version of ISC DHCP (3.1-ESV-R1 and 4.1-ESV-R2 or 4.2.1-P1 or later), available from the Internet Systems Consortium Web site. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Internet Systems Consortium Web site
dhclient does not strip or escape shell meta-characters
https://www.isc.org/software/dhcp/advisories/cve-2011-0997

VMSA-2011-0010
VMware ESX third party updates for Service Console
http://lists.vmware.com/pipermail/security-announce/2011/000142.html

CTX130325
Citrix XenServer Multiple Security Updates
http://support.citrix.com/article/CTX130325

Apple Web site
About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.6
http://support.apple.com/kb/HT5005

ISS X-Force
ISC DHCP dhclient command execution
http://www.iss.net/security_center/static/66580.php

CVE
CVE-2011-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997