CVE-2011-2717: dhcpv6: insufficient checking of DHCP options

Severity: Critical

CVSS Score: 9.8

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.