CVE-2012-2321
published 2012-05-18CVE-2012-2321: The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain…
PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.71%
92.1th percentile
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
Affected
89 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| connman | connman | <= 0.84 | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
| connman | connman | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor DHCP replies where the hostname or domain name fields contain shell metacharacters (e.g., ;, |, $(), backticks, &&, etc.), which are injected to achieve remote command execution via ConnMan's loopback plug-in. ↗
- ·Only ConnMan versions before 0.85 are vulnerable; the loopback plug-in passes unsanitized DHCP reply fields (hostname, domain name) to a shell, enabling command injection. Upgrade to 0.85+ or the Debian-fixed package (1.0-1) to remediate. ↗
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-frmw-wwv7-8q6q: The loopback plug-in in ConnMan before 0
ghsa_unreviewed·2022-05-17
CVE-2012-2321 [HIGH] CWE-20 GHSA-frmw-wwv7-8q6q: The loopback plug-in in ConnMan before 0
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
OSV
CVE-2012-2321: The loopback plug-in in ConnMan before 0
osv·2012-05-18·CVSS 10.0
CVE-2012-2321 [CRITICAL] CVE-2012-2321: The loopback plug-in in ConnMan before 0
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
Debian
CVE-2012-2321: connman - The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute a...
vendor_debian·2012·CVSS 10.0
CVE-2012-2321 [CRITICAL] CVE-2012-2321: connman - The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute a...
The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.
Scope: local
bookworm: resolved (fixed in 1.0-1)
bullseye: resolved (fixed in 1.0-1)
forky: resolved (fixed in 1.0-1)
sid: resolved (fixed in 1.0-1)
trixie: resolved (fixed in 1.0-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=26ace5c59f790bce0f1988b88874c6f2c480fd5ahttp://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911http://secunia.com/advisories/49033http://secunia.com/advisories/49186http://security.gentoo.org/glsa/glsa-201205-02.xmlhttp://www.openwall.com/lists/oss-security/2012/05/07/10http://www.openwall.com/lists/oss-security/2012/05/07/2http://www.openwall.com/lists/oss-security/2012/05/07/6http://www.osvdb.org/81705http://www.securityfocus.com/bid/53408https://bugzilla.novell.com/show_bug.cgi?id=715172https://exchange.xforce.ibmcloud.com/vulnerabilities/75466http://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=26ace5c59f790bce0f1988b88874c6f2c480fd5ahttp://git.kernel.org/?p=network/connman/connman.git%3Ba=commit%3Bh=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911http://secunia.com/advisories/49033http://secunia.com/advisories/49186http://security.gentoo.org/glsa/glsa-201205-02.xmlhttp://www.openwall.com/lists/oss-security/2012/05/07/10http://www.openwall.com/lists/oss-security/2012/05/07/2http://www.openwall.com/lists/oss-security/2012/05/07/6http://www.osvdb.org/81705http://www.securityfocus.com/bid/53408https://bugzilla.novell.com/show_bug.cgi?id=715172https://exchange.xforce.ibmcloud.com/vulnerabilities/75466
2012-05-18
Published