7.5

CVE-2011-2660

The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SuseVpnc Version <= 0.5.1
SuseLinux Enterprise Desktop Version11 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.17% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00029.html
http://www.securityfocus.com/bid/49391
https://bugzilla.novell.com/651577
https://bugzilla.novell.com/708656
https://exchange.xforce.ibmcloud.com/vulnerabilities/69514