Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-2716
HistoryJul 03, 2012 - 12:00 a.m.

CVE-2011-2716

2012-07-0300:00:00
ubuntu.com
ubuntu.com
17

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.968

Percentile

99.7%

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP
servers to execute arbitrary commands via shell metacharacters in the (1)
HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host
name options.

Bugs

Notes

Author Note
mdeslaur similar to CVE-2011-0997, but for busybox

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.968

Percentile

99.7%