PT-2012-1152 · Busybox+2
Published 2012-02-21 · Updated 2020-08-27
CVE-2011-2716
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BusyBox versions prior to 1.21.0
Description
The issue allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the HOST NAME, DOMAIN NAME, NIS DOMAIN, and TFTP SERVER NAME host name options. Multiple vulnerabilities in the BusyBox package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations
For versions prior to 1.21.0, update to version 1.21.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the udhcpc DHCP client until a patch is available. Avoid using the HOST NAME, DOMAIN NAME, NIS DOMAIN, and TFTP SERVER NAME host name options in the DHCP client configuration until the issue is resolved.
Fix
RCE
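As a defensive illustration of the description above, this added example (not BusyBox code and not part of the original advisory) shows an allow-list check a DHCP event script could apply to the four name values before using them. The shell variable names `hostname`, `domain`, `nisdomain` and `tftp` and all sample values are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not BusyBox code): allow-list check for DHCP-supplied names.
LC_ALL=C   # make [A-Za-z] ranges ASCII-only

# Succeeds only for a DNS-style name: 1..253 chars, dot-separated labels of
# 1..63 chars from [A-Za-z0-9-], no label starting or ending with '-'.
is_safe_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # metacharacters, spaces, newlines
        .*|*.|*..*) return 1 ;;         # empty label
    esac
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
        case $rest in
            *.*) rest=${rest#*.} ;;
            *) rest= ;;
        esac
    done
    return 0
}

# Unset any of the four name variables whose value fails the check.
# The variable names are an assumption about what the script receives.
filter_dhcp_names() {
    for var in hostname domain nisdomain tftp; do
        eval "val=\${$var-}"   # $var comes only from the fixed list above
        if [ -n "$val" ] && ! is_safe_name "$val"; then
            echo "dropping unsafe DHCP value in \$$var" >&2
            unset "$var"
        fi
    done
}

# Constructed sample values, as if set by the DHCP client before the script runs.
hostname='ws-17'; domain='corp.example;x'; nisdomain='nis.example'; tftp='boot $(x)'
filter_dhcp_names
echo "hostname=${hostname-<unset>} domain=${domain-<unset>} nisdomain=${nisdomain-<unset>} tftp=${tftp-<unset>}"
```

Rejecting by allow-list rather than stripping known metacharacters means newlines, quotes and whitespace are refused without having to enumerate them.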
Weakness Enumeration
Related Identifiers
Affected Products
Busybox
Centos
Red Hat