Lucene search

[email protected]CVE-2011-0996

HistoryApr 13, 2011 - 2:55 p.m.

CVE-2011-0996

2011-04-1314:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-0996

dhcpcd

remote attackers

arbitrary commands

shell metacharacters

hostname

dhcp

nvd

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

CPENameOperatorVersion
roy_marples:dhcpcdroy marples dhcpcdle5.2.10

CPE	Name	Operator	Version
roy_marples:dhcpcd	roy marples dhcpcd	le	5.2.10

References

roy.marples.name/archives/dhcpcd-discuss/2011/0326.html

roy.marples.name/projects/dhcpcd/changeset/c317b39786ac6c3a939dc711db7c78cf099859fd

roy.marples.name/projects/dhcpcd/timeline

secunia.com/advisories/44070

security.gentoo.org/glsa/glsa-201301-04.xml

www.securityfocus.com/bid/47272

bugzilla.novell.com/show_bug.cgi?id=675052

exchange.xforce.ibmcloud.com/vulnerabilities/66641

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2011-0996

nessus17 prion1 openvas3 securityvulns2 slackware1 debiancve1 gentoo1 ubuntucve1