CVE-2011-2717

Name of the Vulnerable Software and Affected Versions dhcpv6 project through 2011-07-25

Description The issue allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This is a result of the DHCPv6 client (dhcp6c) not properly sanitizing hostnames received from DHCP messages, allowing an attacker to inject shell metacharacters and execute commands on the client system.

Recommendations For versions of the dhcpv6 project through 2011-07-25, consider disabling the dhcp6c client until a patch is available to prevent remote execution of arbitrary commands. Restrict access to the dhcp6c client to minimize the risk of exploitation. Avoid using hostnames that may contain shell metacharacters in DHCP messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.