CVE-2011-1930 Information

Description

In klibc 1.5.20 and 1.5.21 the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://security.gentoo.org/glsa/glsa-201309-21.xml http://www.openwall.com/lists/oss-security/2012/05/22/12 http://www.securityfocus.com/bid/47924 https://access.redhat.com/security/cve/cve-2011-1930 https://security-tracker.debian.org/tracker/CVE-2011-1930

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8