Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-2716
Last Modified 17 Sep 2015 09:59:13
Published 03 Jul 2012 12:40:30
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-2716

Summary

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

Vulnerable Systems

Application

  • Busybox 0.60.5

  • Busybox 1.0.0

  • Busybox 1.00

  • Busybox 1.01

  • Busybox 1.1.0

  • Busybox 1.1.1

  • Busybox 1.1.2

  • Busybox 1.1.3

  • Busybox 1.10.0

  • Busybox 1.10.1

  • Busybox 1.10.2

  • Busybox 1.10.3

  • Busybox 1.10.4

  • Busybox 1.11.0

  • Busybox 1.11.1

  • Busybox 1.11.2

  • Busybox 1.11.3

  • Busybox 1.12.0

  • Busybox 1.12.1

  • Busybox 1.12.2

  • Busybox 1.12.3

  • Busybox 1.12.4

  • Busybox 1.13.0

  • Busybox 1.13.1

  • Busybox 1.13.2

  • Busybox 1.13.3

  • Busybox 1.13.4

  • Busybox 1.14.0

  • Busybox 1.14.1

  • Busybox 1.14.2

  • Busybox 1.14.3

  • Busybox 1.14.4

  • Busybox 1.15.0

  • Busybox 1.15.1

  • Busybox 1.15.2

  • Busybox 1.15.3

  • Busybox 1.16.0

  • Busybox 1.16.1

  • Busybox 1.16.2

  • Busybox 1.17.0

  • Busybox 1.17.1

  • Busybox 1.17.2

  • Busybox 1.17.3

  • Busybox 1.17.4

  • Busybox 1.18.0

  • Busybox 1.18.1

  • Busybox 1.18.2

  • Busybox 1.18.3

  • Busybox 1.18.4

  • Busybox 1.18.5

  • Busybox 1.19.0

  • Busybox 1.19.2

  • Busybox 1.19.3

  • Busybox 1.19.4

  • Busybox 1.2.0

  • Busybox 1.2.1

  • Busybox 1.2.2

  • Busybox 1.2.2.1

  • Busybox 1.3.0

  • Busybox 1.3.1

  • Busybox 1.3.2

  • Busybox 1.4.0

  • Busybox 1.4.1

  • Busybox 1.4.2

  • Busybox 1.5.0

  • Busybox 1.5.1

  • Busybox 1.6.0

  • Busybox 1.6.1

  • Busybox 1.7.0

  • Busybox 1.7.1

  • Busybox 1.7.2

  • Busybox 1.7.3

  • Busybox 1.8.0

  • Busybox 1.8.1

  • Busybox 1.8.2

  • Busybox 1.9.0

  • Busybox 1.9.1

  • Busybox 1.9.2


References

CONFIRM - https://bugs.busybox.net/show_bug.cgi?id=3979

BID - 48879

CONFIRM - http://www.busybox.net/news.html

SECUNIA - 45363

REDHAT - RHSA-2012:0810

CONFIRM - http://downloads.avaya.com/css/P8/documents/100158840

MANDRIVA - MDVSA-2012:129

CONFIRM - https://support.t-mobile.com/docs/DOC-21994

Related Patches

Red Hat 2012:0308-03 RHSA Low: busybox security and bug fix update for RHEL 5 x86

Red Hat 2012:0308-03 RHSA Low: busybox security and bug fix update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:54:50