CVE Daily

CVE-2011-1930

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DE...

Critical CVSS 9.8

Overview

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

CWE: N/A Published: 2019-11-14T03:15:10.510
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags