The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of BusyBox

computer vulnerability bulletin CVE-2016-2148

BusyBox: buffer overflow via DHCP Client OPTION_6RD

Synthesis of the vulnerability

Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Confidence: confirmed by the editor (5/5).
Creation date: 27/07/2018.
Identifiers: CVE-2016-2148, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26858.

Description of the vulnerability

An attacker can generate a buffer overflow via DHCP Client OPTION_6RD of BusyBox, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2016-2147

BusyBox: integer overflow via DHCP Client

Synthesis of the vulnerability

Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: LAN.
Confidence: confirmed by the editor (5/5).
Creation date: 27/07/2018.
Identifiers: CVE-2016-2147, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26857.

Description of the vulnerability

An attacker can generate an integer overflow via DHCP Client of BusyBox, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2015-9261

BusyBox: denial of service via huft_build

Synthesis of the vulnerability

Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 27/07/2018.
Identifiers: CVE-2015-9261, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26856.

Description of the vulnerability

An attacker can generate a fatal error via huft_build() of BusyBox, in order to trigger a denial of service.

vulnerability announce CVE-2018-1000500

BusyBox: Man-in-the-Middle via wget

Synthesis of the vulnerability

Impacted products: BusyBox, WindRiver Linux.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 27/06/2018.
Identifiers: CVE-2018-1000500, VIGILANCE-VUL-26552.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via wget on BusyBox, in order to read or write data in the session.

vulnerability alert CVE-2018-1000517

BusyBox: buffer overflow via wget

Synthesis of the vulnerability

Impacted products: BusyBox, Debian, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 27/06/2018.
Identifiers: CVE-2018-1000517, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26551.

Description of the vulnerability

An attacker can generate a buffer overflow via wget of BusyBox, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2017-16544

BusyBox: code execution via AutoComplete

Synthesis of the vulnerability

Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 21/11/2017.
Identifiers: CVE-2017-16544, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-24504.

Description of the vulnerability

An attacker can use a vulnerability via AutoComplete of BusyBox, in order to run code.

vulnerability CVE-2017-15874

BusyBox: integer overflow via decompress_unlzma.c

Synthesis of the vulnerability

Impacted products: BusyBox.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 25/10/2017.
Identifiers: 10436, CVE-2017-15874, VIGILANCE-VUL-24230.

Description of the vulnerability

An attacker can generate an integer overflow via decompress_unlzma.c of BusyBox, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2017-15873

BusyBox: integer overflow via get_next_block

Synthesis of the vulnerability

Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 25/10/2017.
Identifiers: 10431, CVE-2017-15873, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-24229.

Description of the vulnerability

An attacker can generate an integer overflow via get_next_block() of BusyBox, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert 21426

BusyBox: memory corruption via hush

Synthesis of the vulnerability

Impacted products: BusyBox.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/12/2016.
Identifiers: VIGILANCE-VUL-21426.

Description of the vulnerability

An attacker can generate a memory corruption via the command "hush" of BusyBox, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2016-6301

BusyBox: denial of service via NTP

Synthesis of the vulnerability

An attacker can send a malicious NTP packet to BusyBox, in order to trigger a denial of service.
Impacted products: BusyBox.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 03/08/2016.
Identifiers: CVE-2016-6301, VIGILANCE-VUL-20300.

Description of the vulnerability

The BusyBox product has a service to manage received NTP packets.

However, this service does not check if the received NTP packet originates from a client. An attacker can thus spoof a packet, and generate a loop between two BusyBox servers.

An attacker can therefore send a malicious NTP packet to BusyBox, in order to trigger a denial of service.