Vulnerability Details CVE-2011-2660
The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00029.html
- http://www.securityfocus.com/bid/49391
- https://bugzilla.novell.com/651577
- https://bugzilla.novell.com/708656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69514
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00029.html
- http://www.securityfocus.com/bid/49391
- https://bugzilla.novell.com/651577
- https://bugzilla.novell.com/708656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69514
Products affected by CVE-2011-2660
-
cpe:2.3:a:suse:vpnc:*
-
cpe:2.3:o:suse:linux_enterprise_desktop:11