Vulnerability Name:

CVE-2011-2716 (CCN-68773)

Assigned:2011-03-18
Published:2011-03-18
Updated:2020-08-27
Summary:The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C)
5.5 Medium (Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C)
5.5 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-2716

Source: CONFIRM
Type: UNKNOWN
http://downloads.avaya.com/css/P8/documents/100158840

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

Source: CCN
Type: RHSA-2012-0308
Low: busybox security and bug fix update

Source: CCN
Type: RHSA-2012-0810
Low: busybox security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:0810

Source: FULLDISC
Type: UNKNOWN
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

Source: FULLDISC
Type: UNKNOWN
20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S

Source: CCN
Type: SA45363
BusyBox udhcpc Response Processing Input Sanitation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
45363

Source: CCN
Type: BusyBox
BusyBox

Source: CONFIRM
Type: UNKNOWN
http://www.busybox.net/news.html

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2012:129

Source: CCN
Type: OSVDB ID: 74185
BusyBox DHCP Server hostname Response Parsing Remote Command Execution

Source: BID
Type: UNKNOWN
48879

Source: CCN
Type: BID-48879
BusyBox 'udhcpc' Shell Characters in Response Remote Code Execution Vulnerability

Source: CCN
Type: Busybox Bugzilla Bug 3979
udhcpc should filter out malicious hostnames passed in option 0x0c

Source: CONFIRM
Type: Patch
https://bugs.busybox.net/show_bug.cgi?id=3979

Source: XF
Type: UNKNOWN
busybox-udhcpc-code-execution(68773)

Source: BUGTRAQ
Type: UNKNOWN
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series

Source: CONFIRM
Type: UNKNOWN
https://support.t-mobile.com/docs/DOC-21994

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:busybox:busybox:0.60.5:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.00:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre1:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre10:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre2:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre3:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre4:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre5:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre6:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre7:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre8:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:pre9:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.01:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.1.0:pre1:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.12.4:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.13.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.13.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.13.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.13.4:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.14.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.14.4:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.15.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.15.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.15.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.16.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.16.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.17.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.17.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.17.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.17.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.17.4:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.18.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.18.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.18.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.18.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.18.4:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.18.5:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.19.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.19.2:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.19.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:*:*:*:*:*:*:*:* (Version <= 1.19.4)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:23400 | P | ELSA-2012:0810: busybox security and bug fix update (Low) | 2014-05-26
oval:org.mitre.oval:def:22866 | P | ELSA-2012:0308: busybox security and bug fix update (Low) | 2014-05-26
oval:org.mitre.oval:def:20788 | P | RHSA-2012:0308: busybox security and bug fix update (Low) | 2014-02-24
oval:org.mitre.oval:def:21495 | P | RHSA-2012:0810: busybox security and bug fix update (Low) | 2014-02-24
oval:com.ubuntu.xenial:def:201127160000000 | V | CVE-2011-2716 on Ubuntu 16.04 LTS (xenial) - negligible. | 2012-07-03
oval:com.ubuntu.xenial:def:20112716000 | V | CVE-2011-2716 on Ubuntu 16.04 LTS (xenial) - negligible. | 2012-07-03
oval:com.ubuntu.cosmic:def:20112716000 | V | CVE-2011-2716 on Ubuntu 18.10 (cosmic) - negligible. | 2012-07-03
oval:com.ubuntu.disco:def:201127160000000 | V | CVE-2011-2716 on Ubuntu 19.04 (disco) - negligible. | 2012-07-03
oval:com.ubuntu.cosmic:def:201127160000000 | V | CVE-2011-2716 on Ubuntu 18.10 (cosmic) - negligible. | 2012-07-03
oval:com.ubuntu.precise:def:20112716000 | V | CVE-2011-2716 on Ubuntu 12.04 LTS (precise) - low. | 2012-07-03
oval:com.ubuntu.artful:def:20112716000 | V | CVE-2011-2716 on Ubuntu 17.10 (artful) - negligible. | 2012-07-03
oval:com.ubuntu.bionic:def:201127160000000 | V | CVE-2011-2716 on Ubuntu 18.04 LTS (bionic) - negligible. | 2012-07-03
oval:com.ubuntu.trusty:def:20112716000 | V | CVE-2011-2716 on Ubuntu 14.04 LTS (trusty) - negligible. | 2012-07-03
oval:com.ubuntu.bionic:def:20112716000 | V | CVE-2011-2716 on Ubuntu 18.04 LTS (bionic) - negligible. | 2012-07-03
oval:com.redhat.rhsa:def:20120810 | P | RHSA-2012:0810: busybox security and bug fix update (Low) | 2012-06-20
oval:com.redhat.rhsa:def:20120308 | P | RHSA-2012:0308: busybox security and bug fix update (Low) | 2012-02-21