PT-2012-1147 · Intel · Connman

Sebastian Krahmer

Published

2012-05-15

Updated

2017-08-29

CVE-2012-2321

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ConnMan versions prior to 1.0-r1 ConnMan versions prior to 0.85

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the host name or domain name in a DHCP reply. Multiple vulnerabilities in the ConnMan package can lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For ConnMan versions prior to 0.85, update to version 0.85 or later. For ConnMan versions prior to 1.0-r1, update to version 1.0-r1 or later. As a temporary workaround, consider restricting the use of the loopback plug-in until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-264

Related Identifiers

BDU:2015-09670

CVE-2012-2321

Affected Products

Connman

PT-2012-1147 · Intel · Connman

CVE-2012-2321

Weakness Enumeration

Related Identifiers

Affected Products

References · 21