PT-2019-6632 · Klibc · Klibc
Published: 2019-11-14 · Updated: 2020-08-18
CVE-2011-1930
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
klibc versions 1.5.20 through 1.5.21
Description
ipconfig does not properly escape DHCP options when writing them to /tmp/net-$DEVICE.conf. A remote attacker could potentially send a specially crafted DHCP reply whose option values may be executed as arbitrary code with the privileges of any process that sources the DHCP options.
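The kind of escaping the description refers to, as an added example that is not klibc's own code or its fix: each option value is wrapped in single quotes before it is written, so a shell that sources the file reads it as literal data. The function names `shell_quote` and `format_conf_line`, the key name `DNSDOMAIN` and the sample value are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not klibc code. Single-quote a DHCP option value so a
 * POSIX shell sourcing KEY=<value> treats every byte as literal data.
 * Inside single quotes only ' needs handling: it is emitted as '\''.
 * Returns bytes written, or -1 on an embedded NUL or if out is too small. */
int shell_quote(const unsigned char *val, size_t len, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3)
        return -1;
    out[o++] = '\'';
    for (size_t i = 0; i < len; i++) {
        size_t need = (val[i] == '\'') ? 4 : 1;
        if (val[i] == '\0' || o + need + 2 > outsz)
            return -1;          /* NUL byte, or no room for closing quote + NUL */
        if (val[i] == '\'') {
            memcpy(out + o, "'\\''", 4);
            o += 4;
        } else {
            out[o++] = (char)val[i];
        }
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical helper: build one KEY='value' line; on failure drop the option. */
int format_conf_line(const char *key, const unsigned char *val, size_t len,
                     char *line, size_t linesz)
{
    char quoted[512];
    int n;
    if (shell_quote(val, len, quoted, sizeof(quoted)) < 0)
        return -1;
    n = snprintf(line, linesz, "%s=%s\n", key, quoted);
    return (n < 0 || (size_t)n >= linesz) ? -1 : n;
}

int main(void)
{
    const char *v = "lab.example; $(echo x) it's"; /* constructed sample value */
    char line[128];
    if (format_conf_line("DNSDOMAIN", (const unsigned char *)v, strlen(v), line, sizeof line) > 0)
        fputs(line, stdout);
    return 0;
}
```

A consumer that sources the resulting line gets the original bytes back in the variable, with `;`, `$(...)` and backticks left uninterpreted.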
Recommendations
For klibc versions 1.5.20 and 1.5.21, consider restricting access to the DHCP options file until a proper fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Klibc