The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP
servers to execute arbitrary commands via shell metacharacters in the (1)
HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host
name options.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635548>
<https://bugs.busybox.net/show_bug.cgi?id=3979>

Notes

Author	Note
mdeslaur	similar to CVE-2011-0997, but for busybox

References

www.openwall.com/lists/oss-security/2011/07/25/3

launchpad.net/bugs/cve/CVE-2011-2716

nvd.nist.gov/vuln/detail/CVE-2011-2716

security-tracker.debian.org/tracker/CVE-2011-2716

www.cve.org/CVERecord?id=CVE-2011-2716

cve 2

nvd 2

debiancve 2

nessus 47

exploitdb 1

f5 2

openvas 46

debian 2

oraclelinux 3

securityvulns 5

ubuntu 2

prion 2

cvelist 2

centos 2

slackware 1

checkpoint_advisories 1

redhat 5

veracode 2

packetstorm 4

exploitpack 1

fedora 4

ubuntucve 1

freebsd 1

cert 1

canvas 1

cisa 1

amazon 1

threatpost 1

gentoo 2

vmware 2

cve

CVE-2011-2716

2012-07-03 16:40:30

CVE-2011-0997

2011-04-08 15:17:27

nvd

CVE-2011-2716

2012-07-03 16:40:30

CVE-2011-0997

2011-04-08 15:17:27

debiancve

CVE-2011-2716

2012-07-03 16:40:30

CVE-2011-0997

2011-04-08 15:17:27

nessus

Debian DSA-2216-1 : isc-dhcp - missing input sanitization

2011-04-11 00:00:00

FreeBSD : isc-dhcp-client -- dhclient does not strip or escape shell meta-characters (7e69f00d-632a-11e0-9f3a-001d092480a4)

2011-04-11 00:00:00

F5 Networks BIG-IP : DHCP Client vulnerability (SOL13219)

2014-10-10 00:00:00

exploitdb

15 TOTOLINK Router Models - Multiple Remote Code Execution Vulnerabilities

2015-07-16 00:00:00

K13219 : DHCP Client vulnerability CVE-2011-0997

2013-09-05 00:00:00

SOL13219 - DHCP Client vulnerability CVE-2011-0997

2011-11-23 00:00:00

openvas

Slackware Advisory SSA:2011-097-01 dhcp

2012-09-11 00:00:00

FreeBSD Ports: isc-dhcp31-client

2011-05-12 00:00:00

CentOS Update for dhclient CESA-2011:0428 centos5 i386

2011-08-09 00:00:00

debian

[SECURITY] [DSA 2217-1] dhcp3 security update

2011-04-10 21:58:40

[SECURITY] [DSA 2216-1] isc-dhcp security update

2011-04-10 21:55:28

oraclelinux

dhcp security update

2011-04-08 00:00:00

busybox security and bug fix update

2012-03-01 00:00:00

busybox security and bug fix update

2012-06-27 00:00:00

securityvulns

[SECURITY] [DSA 2216-1] isc-dhcp security update

2011-04-12 00:00:00

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request

2015-07-14 00:00:00

15 TOTOLINK router models vulnerable to multiple RCEs

2015-07-20 00:00:00

ubuntu

DHCP vulnerability

2011-04-11 00:00:00

DHCP vulnerability

2011-04-19 00:00:00

prion

Code injection

2012-07-03 16:40:00

Code injection

2011-04-08 15:17:00

cvelist

CVE-2011-2716

2012-07-03 16:00:00

CVE-2011-0997

2011-04-08 15:00:00

centos

dhclient, dhcp, libdhcp4client security update

2011-04-08 21:18:26

busybox security update

2012-07-10 17:22:13

slackware

[slackware-security] dhcp

2011-04-07 05:49:25

checkpoint_advisories

ISC DHCP dhclient Network Configuration Script Command Injection (CVE-2011-0997)

2011-08-16 00:00:00

redhat

(RHSA-2011:0840) Important: dhcp security update

2011-05-31 00:00:00

(RHSA-2011:0428) Important: dhcp security update

2011-04-08 00:00:00

(RHSA-2012:0810) Low: busybox security and bug fix update

2012-06-20 00:00:00

veracode

Arbitrary Code Execution

2020-04-10 00:54:29

Arbitrary Code Execution

2019-05-02 04:41:55

packetstorm

ipTIME DHCP Remote Command Execution

2015-07-06 00:00:00

15 TOTOLINK Routers Remote Command Execution

2015-07-16 00:00:00

ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password

2020-08-27 00:00:00

exploitpack

15 TOTOLINK Router Models - Multiple Remote Code Execution Vulnerabilities

2015-07-16 00:00:00

fedora

[SECURITY] Fedora 15 Update: dhcp-4.2.1-4.P1.fc15

2011-04-15 21:50:51

[SECURITY] Fedora 13 Update: dhcp-4.1.2-4.ESV.R2.fc13

2011-04-18 21:21:43

[SECURITY] Fedora 14 Update: dhcp-4.2.0-21.P2.fc14

2011-04-12 21:33:04

ubuntucve

CVE-2011-0997

2011-04-08 00:00:00

freebsd

isc-dhcp-client -- dhclient does not strip or escape shell meta-characters

2011-04-05 00:00:00

cert

ISC dhclient vulnerability

2011-04-05 00:00:00

canvas

Immunity Canvas: CVE_2011_0997

2011-04-08 15:17:00

cisa

ISC dhclient Vulnerability

2011-04-08 00:00:00

amazon

Low: busybox

2012-07-05 16:23:00

threatpost

Critical RCE Bug Found Lurking in Avaya VoIP Phones

2019-08-08 20:00:50

gentoo

BusyBox: Multiple vulnerabilities

2013-12-03 00:00:00

ISC DHCP: Denial of service

2013-01-09 00:00:00

vmware

VMware ESX third party updates for Service Console packages glibc and dhcp

2011-07-28 00:00:00

VMware ESX third party updates for Service Console packages glibc and dhcp

2011-07-28 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.7%

JSON

Related for UB:CVE-2011-2716