CVE-2011-2716

Name: CVE-2011-2716
Description: The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 635548

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
busybox (PTS) | jessie | 1:1.22.0-9+deb8u1 | fixed
 | jessie (security) | 1:1.22.0-9+deb8u4 | fixed
 | stretch | 1:1.22.0-19 | fixed
 | buster, sid | 1:1.30.1-4 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
busybox | source | (unstable) | 1:1.20.0-3 | unimportant | | 635548

Notes

The default action script of busybox is not vulnerable to this attack.
Fixed in 1.20 (experimental). The default script in the udeb may be vulnerable.
