PT-2012-1147 · Intel · Connman

Sebastian Krahmer

Publicado

2012-05-15

Atualizado

2017-08-29

CVE-2012-2321

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ConnMan versions prior to 1.0-r1 ConnMan versions prior to 0.85

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the host name or domain name in a DHCP reply. Multiple vulnerabilities in the ConnMan package can lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For ConnMan versions prior to 0.85, update to version 0.85 or later. For ConnMan versions prior to 1.0-r1, update to version 1.0-r1 or later. As a temporary workaround, consider restricting the use of the loopback plug-in until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-264

Identificadores relacionados

BDU:2015-09670

CVE-2012-2321

Produtos afetados

Connman

PT-2012-1147 · Intel · Connman

CVE-2012-2321

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21