In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-14T02:01:32

Updated: 2024-08-06T22:46:00.615Z

Reserved: 2011-05-09T00:00:00

Link: CVE-2011-1930

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-14T03:15:10.510

Modified: 2024-11-21T01:27:19.937

Link: CVE-2011-1930

cve-icon Redhat

No data.