Lucene search

CentOS ProjectCESA-2007:0244

HistoryMay 02, 2007 - 8:46 a.m.

busybox security update

2007-05-0208:46:02

CentOS Project

lists.centos.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

CentOS Errata and Security Advisory CESA-2007:0244

Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file.
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075862.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075882.html

Affected packages:
busybox
busybox-anaconda

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0244

OSVersionArchitecturePackageVersionFilename
CentOS4ia64busybox< 1.00.rc1-7.el4busybox-1.00.rc1-7.el4.ia64.rpm
CentOS4ia64busybox-anaconda< 1.00.rc1-7.el4busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
CentOS4s390busybox< 1.00.rc1-7.el4busybox-1.00.rc1-7.el4.s390.rpm
CentOS4s390busybox-anaconda< 1.00.rc1-7.el4busybox-anaconda-1.00.rc1-7.el4.s390.rpm
CentOS4s390xbusybox< 1.00.rc1-7.el4busybox-1.00.rc1-7.el4.s390x.rpm
CentOS4s390xbusybox-anaconda< 1.00.rc1-7.el4busybox-anaconda-1.00.rc1-7.el4.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	4	ia64	busybox	< 1.00.rc1-7.el4	busybox-1.00.rc1-7.el4.ia64.rpm
CentOS	4	ia64	busybox-anaconda	< 1.00.rc1-7.el4	busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
CentOS	4	s390	busybox	< 1.00.rc1-7.el4	busybox-1.00.rc1-7.el4.s390.rpm
CentOS	4	s390	busybox-anaconda	< 1.00.rc1-7.el4	busybox-anaconda-1.00.rc1-7.el4.s390.rpm
CentOS	4	s390x	busybox	< 1.00.rc1-7.el4	busybox-1.00.rc1-7.el4.s390x.rpm
CentOS	4	s390x	busybox-anaconda	< 1.00.rc1-7.el4	busybox-anaconda-1.00.rc1-7.el4.s390x.rpm

References

pasi.pirhonen.eu/

steadfast.net/

rhn.redhat.com/errata/RHSA-2007-0244.html

twitter.com/centos

www.facebook.com/groups/centosproject/

www.linkedin.com/groups/22405

www.reddit.com/r/CentOS/

youtube.com/TheCentOSProject

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CESA-2007:0244