CVE-2011-1930

CRITICAL

klibc 1.5.20-1.5.21 - RCE

Title source: llm

Description

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

Exploits (1)

exploitdb WORKING POC VERIFIED

by maximilian attems · textremotelinux

https://www.exploit-db.com/exploits/35785

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201309-21.xml

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2012/05/22/12

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47924

[Not Applicable, Third Party Advisory] https://access.redhat.com/security/cve/cve-2011-1930

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2011-1930

Scores

CVSS v3 9.8

EPSS 0.2899

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

klibc_project/klibc < 1.5.25

Published Nov 14, 2019

Tracked Since Feb 18, 2026