ID GENTOO_GLSA-201612-04.NASL Type nessus Reporter Tenable Modified 2017-02-21T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201612-04.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
if (description)
{
script_id(95519);
script_version("$Revision: 3.3 $");
script_cvs_date("$Date: 2017/02/21 14:37:42 $");
script_cve_id("CVE-2016-2147", "CVE-2016-2148");
script_xref(name:"GLSA", value:"201612-04");
script_name(english:"GLSA-201612-04 : BusyBox: Multiple vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201612-04
(BusyBox: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time. However, on Gentoo, the
remote code execution vulnerability can be avoided if you don’t use
BusyBox’s udhcpc or build the package without the “ipv6” USE flag
enabled."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201612-04"
);
script_set_attribute(
attribute:"solution",
value:
"All BusyBox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:busybox");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2016/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/05");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"sys-apps/busybox", unaffected:make_list("ge 1.24.2"), vulnerable:make_list("lt 1.24.2"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BusyBox");
}
{"id": "GENTOO_GLSA-201612-04.NASL", "bulletinFamily": "scanner", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "published": "2016-12-05T00:00:00", "modified": "2017-02-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/201612-04"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "type": "nessus", "lastseen": "2019-02-21T01:28:37", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "35f9b36654b53f1d488d9f347f83efe0e35be22ff5c81c6a4777604b8bcb4f69", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2018-09-01T23:41:27", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 4}, "differentElements": ["description"], "edition": 8, "lastseen": "2018-09-01T23:41:27"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 5.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 1, "hash": "882b47a5d5b6d6cb18b659a2ed30619558754e78ecee84aea04ed5c3d9ea3493", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "f14d86500b340525838e4f7dcece45db", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "2be0c887de56e273f7db375f49f6692c", "key": "sourceData"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2016-12-05T21:36:25", "modified": "2016-12-05T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2016/12/05 14:32:01 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 3}, "differentElements": ["sourceData"], "edition": 1, "lastseen": "2016-12-05T21:36:25"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 5.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 3, "hash": "c631f4857addf53e7267da63008ab160659d4ac2067c56e7c4520d3e63b80a2c", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f48b2af0bd81c0460d2e005d8c33ee02", "key": "modified"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "f14d86500b340525838e4f7dcece45db", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "613931edc04e9bf7cbc913fa7bfd5e1e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2017-02-17T01:02:38", "modified": "2017-02-16T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2017/02/16 14:43:47 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-02-17T01:02:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "35f9b36654b53f1d488d9f347f83efe0e35be22ff5c81c6a4777604b8bcb4f69", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2017-10-29T13:36:31", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2017-10-29T13:36:31"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 5.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 2, "hash": "d3a075c27b5e7c013dcd6a1dcfb1e14bff334f9316e2cbd6da1b26837ddbe525", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "f14d86500b340525838e4f7dcece45db", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "613931edc04e9bf7cbc913fa7bfd5e1e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2017-02-16T21:01:46", "modified": "2016-12-05T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2017/02/16 14:43:47 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 3}, "differentElements": ["modified"], "edition": 2, "lastseen": "2017-02-16T21:01:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-01-16T20:25:32", "references": [{"idList": ["CVE-2016-2147", "CVE-2016-2148"], "type": "cve"}, {"idList": ["DEBIAN:DLA-1445-1:15231"], "type": "debian"}, {"idList": ["GLSA-201612-04"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310891445"], "type": "openvas"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "db2968249b0e4c47f0881a209a1bd25b01973a31b190b71be15b4b3cf42c0ffa", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "07502c724af106611ab6ccc328ea4135", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2019-01-16T20:25:32", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 4}, "differentElements": ["description"], "edition": 9, "lastseen": "2019-01-16T20:25:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 5, "enchantments": {}, "hash": "6c5cbeb351ce0b87a6c81df702ebb4683985b2f998e5d74bd532bd2987a89a66", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2017-04-18T16:29:57", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 4}, "differentElements": ["cpe"], "edition": 5, "lastseen": "2017-04-18T16:29:57"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 5.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 4, "hash": "5320e85fac0c595f1b96ec457fc36e844b2bcea9e0f4ba6f34d712010a1547f3", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "f14d86500b340525838e4f7dcece45db", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2017-02-21T19:02:02", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2017-02-21T19:02:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "550fa84bbefbc4620b7b3f380442be657a6c5e25eb0ddb43e17a6e12e6ce8a25", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2018-08-30T19:36:23", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2018-08-30T19:36:23"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "48258be48885b7dcce542bdcd3262de9"}, {"key": "cvelist", "hash": "95885e8234b3f20050e3e8eb8d9f2bb9"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "df0a39dc2b2967fafafe1a0f74061741"}, {"key": "href", "hash": "b44d52b127ad50bb6d5801eec2632736"}, {"key": "modified", "hash": "7565f612f72abcf2c0cdd09cd5df5785"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "feadb0d54b2aa8df062c20746250dd20"}, {"key": "published", "hash": "f5d52a762ea3014355f69f04aee37d52"}, {"key": "references", "hash": "ea981749286a23fef67d13f8c0217626"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "486a33e7025603b916fa686abeaf103d"}, {"key": "title", "hash": "2226cb6a873807f1c70e28d9db1cb90a"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "35f9b36654b53f1d488d9f347f83efe0e35be22ff5c81c6a4777604b8bcb4f69", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-2147", "CVE-2016-2148"]}, {"type": "gentoo", "idList": ["GLSA-201612-04"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891445", "OPENVAS:1361412562310843963"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74"]}, {"type": "ubuntu", "idList": ["USN-3935-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1445-1:15231"]}], "modified": "2019-02-21T01:28:37"}, "score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "95519", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "scheme": null}
{"cve": [{"lastseen": "2019-04-05T10:32:41", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.", "modified": "2019-04-03T11:29:00", "published": "2017-02-09T10:59:00", "id": "CVE-2016-2148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2148", "title": "CVE-2016-2148", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-05T10:32:41", "bulletinFamily": "NVD", "description": "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.", "modified": "2019-04-03T11:29:00", "published": "2017-02-09T10:59:00", "id": "CVE-2016-2147", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2147", "title": "CVE-2016-2147", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-12-04T08:54:17", "bulletinFamily": "unix", "description": "### Background\n\nBusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. \n\n### Description\n\nMultiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don\u2019t use BusyBox\u2019s udhcpc or build the package without the \u201cipv6\u201d USE flag enabled. \n\n### Resolution\n\nAll BusyBox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/busybox-1.24.2\"", "modified": "2016-12-04T00:00:00", "published": "2016-12-04T00:00:00", "href": "https://security.gentoo.org/glsa/201612-04", "id": "GLSA-201612-04", "type": "gentoo", "title": "BusyBox: Multiple vulnerabilities", "cvss": {"score": 5.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}}], "openvas": [{"lastseen": "2019-03-19T12:27:13", "bulletinFamily": "scanner", "description": "Busybox, utility programs for small and embedded systems, was affected\nby several security vulnerabilities. The Common Vulnerabilities and\nExposures project identifies the following issues.\n\nCVE-2011-5325\n\nA path traversal vulnerability was found in Busybox implementation\nof tar. tar will extract a symlink that points outside of the\ncurrent working directory and then follow that symlink when\nextracting other files. This allows for a directory traversal\nattack when extracting untrusted tarballs.\n\nCVE-2013-1813\n\nWhen device node or symlink in /dev should be created inside\n2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate\ndirectories are created with incorrect permissions.\n\nCVE-2014-4607\n\nAn integer overflow may occur when processing any variant of a\n", "modified": "2019-03-18T00:00:00", "published": "2018-07-27T00:00:00", "id": "OPENVAS:1361412562310891445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891445", "title": "Debian LTS Advisory ([SECURITY] [DLA 1445-1] busybox security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1445.nasl 14270 2019-03-18 14:24:29Z cfischer $\n#\n# Auto-generated from advisory DLA 1445-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891445\");\n script_version(\"$Revision: 14270 $\");\n script_cve_id(\"CVE-2011-5325\", \"CVE-2013-1813\", \"CVE-2014-4607\", \"CVE-2014-9645\", \"CVE-2015-9261\",\n \"CVE-2015-9621\", \"CVE-2016-2147\", \"CVE-2016-2148\", \"CVE-2017-15873\", \"CVE-2017-16544\",\n \"CVE-2018-1000517\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1445-1] busybox security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:24:29 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-27 00:00:00 +0200 (Fri, 27 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"busybox on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:1.22.0-9+deb8u2.\n\nWe recommend that you upgrade your busybox packages.\");\n script_tag(name:\"summary\", value:\"Busybox, utility programs for small and embedded systems, was affected\nby several security vulnerabilities. The Common Vulnerabilities and\nExposures project identifies the following issues.\n\nCVE-2011-5325\n\nA path traversal vulnerability was found in Busybox implementation\nof tar. tar will extract a symlink that points outside of the\ncurrent working directory and then follow that symlink when\nextracting other files. This allows for a directory traversal\nattack when extracting untrusted tarballs.\n\nCVE-2013-1813\n\nWhen device node or symlink in /dev should be created inside\n2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate\ndirectories are created with incorrect permissions.\n\nCVE-2014-4607\n\nAn integer overflow may occur when processing any variant of a\n'literal run' in the lzo1x_decompress_safe function. Each of these\nthree locations is subject to an integer overflow when processing\nzero bytes. This exposes the code that copies literals to memory\ncorruption.\n\nCVE-2014-9645\n\nThe add_probe function in modutils/modprobe.c in BusyBox allows\nlocal users to bypass intended restrictions on loading kernel\nmodules via a / (slash) character in a module name, as demonstrated\nby an 'ifconfig /usbserial up' command or a 'mount -t /snd_pcm none\n/' command.\n\nCVE-2016-2147\n\nInteger overflow in the DHCP client (udhcpc) in BusyBox allows\nremote attackers to cause a denial of service (crash) via a\nmalformed RFC1035-encoded domain name, which triggers an\nout-of-bounds heap write.\n\nCVE-2016-2148\n\nHeap-based buffer overflow in the DHCP client (udhcpc) in BusyBox\nallows remote attackers to have unspecified impact via vectors\ninvolving OPTION_6RD parsing.\n\nCVE-2017-15873\n\nThe get_next_block function in archival/libarchive\n/decompress_bunzip2.c in BusyBox has an Integer Overflow that may\nlead to a write access violation.\n\nCVE-2017-16544\n\nIn the add_match function in libbb/lineedit.c in BusyBox, the tab\nautocomplete feature of the shell, used to get a list of filenames\nin a directory, does not sanitize filenames and results in executing\nany escape sequence in the terminal. This could potentially result\nin code execution, arbitrary file writes, or other attacks.\n\nCVE-2018-1000517\n\nBusyBox contains a Buffer Overflow vulnerability in\nBusybox wget that can result in a heap-based buffer overflow.\nThis attack appears to be exploitable via network connectivity.\n\nCVE-2015-9621\n\nUnziping a specially crafted zip file results in a computation of an\ninvalid pointer and a crash reading an invalid address.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"busybox-syslogd\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-29T16:21:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-04-26T00:00:00", "published": "2019-04-04T00:00:00", "id": "OPENVAS:1361412562310843963", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843963", "title": "Ubuntu Update for busybox USN-3935-1", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843963\");\n script_version(\"2019-04-26T08:24:31+0000\");\n script_cve_id(\"CVE-2011-5325\", \"CVE-2014-9645\", \"CVE-2015-9261\", \"CVE-2016-2147\",\n \"CVE-2016-2148\", \"CVE-2017-15873\", \"CVE-2017-16544\", \"CVE-2018-1000517\",\n \"CVE-2018-20679\", \"CVE-2019-5747\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-26 08:24:31 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-04 02:03:26 +0000 (Thu, 04 Apr 2019)\");\n script_name(\"Ubuntu Update for busybox USN-3935-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU14\\.04 LTS|UBUNTU18\\.04 LTS|UBUNTU18\\.10|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3935-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3935-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'busybox'\n package(s) announced via the USN-3935-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar\narchives. If a user or automated system were tricked into processing a\nspecially crafted tar archive, a remote attacker could overwrite arbitrary\nfiles outside of the current directory. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel module\nloading restrictions. A local attacker could possibly use this issue to\nbypass intended restrictions. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP archives. If\na user or automated system were tricked into processing a specially crafted\nZIP archive, a remote attacker could cause BusyBox to crash, leading to a\ndenial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain malformed domain names. A remote attacker could possibly use this\nissue to cause the DHCP client to crash, leading to a denial of service.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain 6RD options. A remote attacker could use this issue to cause the\nDHCP client to crash, leading to a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. (CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2 archives.\nIf a user or automated system were tricked into processing a specially\ncrafted bzip2 archive, a remote attacker could cause BusyBox to crash,\nleading to a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A local\nattacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled certain\nresponses. A remote attacker could use this issue to cause BusyBox to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled\ncertain memory operations. A remote attacker could possibly use this issue\nto access sensitive information. (CVE-2018-20679, CVE-2019-5747)\");\n\n script_tag(name:\"affected\", value:\"'busybox' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU14.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:12:56", "bulletinFamily": "unix", "description": "Package : busybox\nVersion : 1:1.22.0-9+deb8u2\nCVE ID : CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147\n CVE-2016-2148 CVE-2017-15873 CVE-2017-16544\n CVE-2018-1000517\nDebian Bug : 902724 882258 879732 818497 818499 803097 802702\n\nBusybox, utility programs for small and embedded systems, was affected\nby several security vulnerabilities. The Common Vulnerabilities and\nExposures project identifies the following issues.\n\nCVE-2011-5325\n\n A path traversal vulnerability was found in Busybox implementation\n of tar. tar will extract a symlink that points outside of the\n current working directory and then follow that symlink when\n extracting other files. This allows for a directory traversal\n attack when extracting untrusted tarballs.\n\nCVE-2013-1813\n\n When device node or symlink in /dev should be created inside\n 2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate\n directories are created with incorrect permissions.\n\nCVE-2014-4607\n\n An integer overflow may occur when processing any variant of a\n "literal run" in the lzo1x_decompress_safe function. Each of these\n three locations is subject to an integer overflow when processing\n zero bytes. This exposes the code that copies literals to memory\n corruption.\n\nCVE-2014-9645\n\n The add_probe function in modutils/modprobe.c in BusyBox allows\n local users to bypass intended restrictions on loading kernel\n modules via a / (slash) character in a module name, as demonstrated\n by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none\n /" command.\n\nCVE-2016-2147\n\n Integer overflow in the DHCP client (udhcpc) in BusyBox allows\n remote attackers to cause a denial of service (crash) via a\n malformed RFC1035-encoded domain name, which triggers an\n out-of-bounds heap write.\n\nCVE-2016-2148\n\n Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox\n allows remote attackers to have unspecified impact via vectors\n involving OPTION_6RD parsing.\n\nCVE-2017-15873\n\n The get_next_block function in archival/libarchive\n /decompress_bunzip2.c in BusyBox has an Integer Overflow that may\n lead to a write access violation.\n\nCVE-2017-16544\n\n In the add_match function in libbb/lineedit.c in BusyBox, the tab\n autocomplete feature of the shell, used to get a list of filenames\n in a directory, does not sanitize filenames and results in executing\n any escape sequence in the terminal. This could potentially result\n in code execution, arbitrary file writes, or other attacks.\n\nCVE-2018-1000517\n\n BusyBox contains a Buffer Overflow vulnerability in\n Busybox wget that can result in a heap-based buffer overflow.\n This attack appears to be exploitable via network connectivity.\n\nCVE-2015-9621\n\n Unziping a specially crafted zip file results in a computation of an\n invalid pointer and a crash reading an invalid address.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:1.22.0-9+deb8u2.\n\nWe recommend that you upgrade your busybox packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2018-07-27T04:40:00", "published": "2018-07-27T04:40:00", "id": "DEBIAN:DLA-1445-1:15231", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00037.html", "title": "[SECURITY] [DLA 1445-1] busybox security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2019-04-12T23:15:21", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nTyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause BusyBox to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain malformed domain names. A remote attacker could possibly use this issue to cause the DHCP client to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain 6RD options. A remote attacker could use this issue to cause the DHCP client to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2 archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, a remote attacker could cause BusyBox to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled certain responses. A remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled certain memory operations. A remote attacker could possibly use this issue to access sensitive information. (CVE-2018-20679, CVE-2019-5747)\n\nCVEs contained in this USN include: CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517, CVE-2018-20679, CVE-2019-5747\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.96\n * 3541.x versions prior to 3541.93\n * 3468.x versions prior to 3468.109\n * 3445.x versions prior to 3445.107\n * 3421.x versions prior to 3421.124\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.9\n * 97.x versions prior to 97.74\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.278.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.76.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.96\n * Upgrade 3541.x versions to 3541.93\n * Upgrade 3468.x versions to 3468.109\n * Upgrade 3445.x versions to 3445.107\n * Upgrade 3421.x versions to 3421.124\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.9\n * Upgrade 97.x versions to 97.74\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.278.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.76.0 or later.\n\n# References\n\n * [USN-3935-1](<https://usn.ubuntu.com/3935-1>)\n * [CVE-2011-5325](<https://people.canonical.com/~ubuntu-security/cve/CVE-2011-5325>)\n * [CVE-2014-9645](<https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9645>)\n * [CVE-2015-9261](<https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9261>)\n * [CVE-2016-2147](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2147>)\n * [CVE-2016-2148](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2148>)\n * [CVE-2017-15873](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15873>)\n * [CVE-2017-16544](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16544>)\n * [CVE-2018-1000517](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000517>)\n * [CVE-2018-20679](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20679>)\n * [CVE-2019-5747](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5747>)\n", "modified": "2019-04-12T00:00:00", "published": "2019-04-12T00:00:00", "id": "CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74", "href": "https://www.cloudfoundry.org/blog/usn-3935-1/", "title": "USN-3935-1: BusyBox vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-04-03T16:52:25", "bulletinFamily": "unix", "description": "Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause BusyBox to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain malformed domain names. A remote attacker could possibly use this issue to cause the DHCP client to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain 6RD options. A remote attacker could use this issue to cause the DHCP client to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2 archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, a remote attacker could cause BusyBox to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled certain responses. A remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled certain memory operations. A remote attacker could possibly use this issue to access sensitive information. (CVE-2018-20679, CVE-2019-5747)", "modified": "2019-04-03T00:00:00", "published": "2019-04-03T00:00:00", "id": "USN-3935-1", "href": "https://usn.ubuntu.com/3935-1/", "title": "BusyBox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
