Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
klibc 代码注入漏洞
Vulnerability Description
klibc是瑞典软件开发者汉-彼得-艾文(Hans Peter Anvin)所研发的一种C标准函式库。该库属于自由软件,主要应用于Linux开机流程中。 klibc 1.5.20版本和1.5.21版本中存在代码注入漏洞,该漏洞源于程序没有正确过滤用户提交的输入。攻击者可利用该漏洞在使用受影响库的应用程序上下文中执行任意shell命令。
CVSS Information
N/A
Vulnerability Type
N/A