UBUNTU-CVE-2011-2716

Source
https://ubuntu.com/security/CVE-2011-2716
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2716.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2011-2716
Published
2012-07-03T16:40:00Z
Modified
2025-01-13T10:21:00Z
Summary
[none]
Details

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOSTNAME, (2) DOMAINNAME, (3) NISDOMAIN, and (4) TFTPSERVER_NAME host name options.

Affected packages

Ubuntu:14.04:LTS / busybox

Package

Name
busybox
Purl
pkg:deb/ubuntu/busybox@1:1.21.0-1ubuntu1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:1.21.0-1ubuntu1

Affected versions

1:1.*

1:1.20.0-8.1ubuntu1
1:1.20.0-9ubuntu1
1:1.20.0-9ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_name": "busybox",
            "binary_version": "1:1.21.0-1ubuntu1"
        },
        {
            "binary_name": "busybox-initramfs",
            "binary_version": "1:1.21.0-1ubuntu1"
        },
        {
            "binary_name": "busybox-static",
            "binary_version": "1:1.21.0-1ubuntu1"
        },
        {
            "binary_name": "busybox-syslogd",
            "binary_version": "1:1.21.0-1ubuntu1"
        },
        {
            "binary_name": "busybox-udeb",
            "binary_version": "1:1.21.0-1ubuntu1"
        },
        {
            "binary_name": "udhcpc",
            "binary_version": "1:1.21.0-1ubuntu1"
        },
        {
            "binary_name": "udhcpd",
            "binary_version": "1:1.21.0-1ubuntu1"
        }
    ]
}