Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2011:0840
The remote host is missing updates announced in
advisory RHSA-2011:0840.

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast

It was discovered that the DHCP client daemon, dhclient, did not
sufficiently sanitize certain options provided in DHCP server replies, such
as the client hostname. A malicious DHCP server could send such an option
with a specially-crafted value to a DHCP client. If this option's value was
saved on the client system, and then later insecurely evaluated by a
process that assumes the option is trusted, it could lead to arbitrary code
execution with the privileges of that process. (CVE-2011-0997)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

All dhclient users should upgrade to these updated packages, which contain
a backported patch to correct this issue.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0997
BugTraq ID: 47176
CERT/CC vulnerability note: VU#107886
Debian Security Information: DSA-2216 (Google Search)
Debian Security Information: DSA-2217 (Google Search)
HPdes Security Advisory: HPSBMU02752
HPdes Security Advisory: SSRT100802
XForce ISS Database: iscdhcp-dhclient-command-execution(66580)
CopyrightCopyright (c) 2012 E-Soft Inc.

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.