CVE-2011-2716

EPSS 0.71%

Published: 7/3/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-2716

Description

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

Affected packages (1)

Debian/busyboxfrom 0, < 1:1.20.0-3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-2716