Vulnerabilities > CVE-2011-1930
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
Vulnerable Configurations
Exploit-Db
description | klibc 1.5.2 DHCP Options Processing Remote Shell Command Execution Vulnerability. CVE-2011-1930. Remote exploit for linux platform |
id | EDB-ID:35785 |
last seen | 2016-02-04 |
modified | 2011-05-18 |
published | 2011-05-18 |
reporter | maximilian attems |
source | https://www.exploit-db.com/download/35785/ |
title | klibc 1.5.2 DHCP Options Processing Remote Shell Command Execution Vulnerability |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201309-21.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201309-21 (klibc: Command Injection) The ipconfig utility in klibc writes DHCP options to /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to get defined variables. The options written to this file are not properly escaped. Impact : A remote attacker could send a specially crafted DHCP reply, which could execute arbitrary shell code with the privileges of any process which sources DHCP options. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70161 |
published | 2013-09-27 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70161 |
title | GLSA-201309-21 : klibc: Command Injection |
code |
|
References
- http://security.gentoo.org/glsa/glsa-201309-21.xml
- http://www.openwall.com/lists/oss-security/2012/05/22/12
- http://www.securityfocus.com/bid/47924
- https://access.redhat.com/security/cve/cve-2011-1930
- https://security-tracker.debian.org/tracker/CVE-2011-1930
- http://security.gentoo.org/glsa/glsa-201309-21.xml
- https://security-tracker.debian.org/tracker/CVE-2011-1930
- https://access.redhat.com/security/cve/cve-2011-1930
- http://www.securityfocus.com/bid/47924
- http://www.openwall.com/lists/oss-security/2012/05/22/12