Описание
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.19.4 (включая)
Одно из
cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre1:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre10:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre2:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre3:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre4:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre5:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre6:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre7:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre8:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:pre9:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.1.0:pre1:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*
cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00707
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
ubuntu
больше 13 лет назад
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
redhat
больше 14 лет назад
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
debian
больше 13 лет назад
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP s ...
github
больше 3 лет назад
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
oracle-oval
больше 13 лет назад
ELSA-2012-0810: busybox security and bug fix update (LOW)
EPSS
Процентиль: 71%
0.00707
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-20