CVE-2011-2716

Public on 2012-07-03

Modified on 2014-09-14

Description

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

Severity

Low

See what this means

CVSS v3 Base Score

6.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	busybox	2012-07-05 16:23	ALAS-2012-103

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	6.8	AV:A/AC:H/Au:N/C:C/I:C/A:C
NVD	CVSSv2	6.8	AV:A/AC:H/Au:N/C:C/I:C/A:C

References

Red Hat: CVE-2011-2716 Mitre: CVE-2011-2716 FAQs regarding Amazon Linux ALAS/CVE Severity