ID GENTOO_GLSA-201612-04.NASL Type nessus Reporter This script is Copyright (C) 2016-2017 Tenable Network Security, Inc. Modified 2019-12-02T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201612-04
(BusyBox: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time. However, on Gentoo, the
remote code execution vulnerability can be avoided by not using
BusyBox’s udhcpc, or by building the package without the “ipv6” USE
flag enabled.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201612-04.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
# Registration block: when `description` is true the script only declares its
# metadata and prerequisites, then leaves through the exit(0) at the end of this
# block, so the package check further down is not reached on that pass.
if (description)
{
# Plugin identity and revision stamps.
script_id(95519);
script_version("$Revision: 3.3 $");
script_cvs_date("$Date: 2017/02/21 14:37:42 $");
# Cross-references: the two CVE identifiers and the Gentoo advisory (GLSA)
# that the descriptive text and version bounds were taken from.
script_cve_id("CVE-2016-2147", "CVE-2016-2148");
script_xref(name:"GLSA", value:"201612-04");
script_name(english:"GLSA-201612-04 : BusyBox: Multiple vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
# Report text shown to the operator. The multi-line string literals below are
# emitted as-is, so their line breaks are part of the report.
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201612-04
(BusyBox: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time. However, on Gentoo, the
remote code execution vulnerability can be avoided if you don’t use
BusyBox’s udhcpc or build the package without the “ipv6” USE flag
enabled."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201612-04"
);
# Remediation: the fixed version named here (1.24.2) is the same bound the
# package check uses to separate vulnerable from unaffected installs.
script_set_attribute(
attribute:"solution",
value:
"All BusyBox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'"
);
# Severity as declared by the plugin. NOTE(review): the CVSS v2 vector rates
# C/I/A as Partial while the v3 vector rates them High; both describe a
# network-reachable, unauthenticated issue, even though the plugin itself is a
# local package-version check (plugin_type "local" below). Treat the score as
# the worst case for the referenced CVEs, not as a per-host finding.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE identifiers for the affected package and the operating system.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:busybox");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2016/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/05");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# Prerequisites: ssh_get_info.nasl is declared as a dependency (presumably it
# is what fills the Host/* knowledge-base keys - confirm), and the three keys
# listed are required; the check re-tests the same keys with get_kb_item().
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Prerequisite gates. Each one calls audit() with a code naming the reason the
# check cannot proceed: local checks not enabled, host not identified as
# Gentoo, or no package list available for the host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Package test: sys-apps/busybox below 1.24.2 is vulnerable, 1.24.2 or later is
# unaffected. As far as this call shows, only the installed version is
# compared; nothing here looks at whether udhcpc is in use or whether the
# package was built with the "ipv6" USE flag, so a host relying on the
# advisory's mitigation is still reported until it is upgraded.
flag = 0;
if (qpkg_check(package:"sys-apps/busybox", unaffected:make_list("ge 1.24.2"), vulnerable:make_list("lt 1.24.2")))
{
  flag = flag + 1;
}

if (!flag)
{
  # Nothing matched: say which packages were tested, or that BusyBox is not
  # installed when no test was recorded.
  tested = qpkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "BusyBox");
  }
}
else
{
  # Vulnerable version found: raise the finding on port 0, attaching the
  # package report only when report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "GENTOO_GLSA-201612-04.NASL", "bulletinFamily": "scanner", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.", "published": "2016-12-05T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/95519", "reporter": "This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201612-04"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "type": "nessus", "lastseen": "2019-12-13T07:33:58", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.", "edition": 12, "enchantments": {"dependencies": {"modified": "2019-11-01T02:40:44", "references": [{"idList": ["UBUNTU_USN-3935-1.NASL"], "type": "nessus"}, {"idList": ["CVE-2016-2147", "CVE-2016-2148"], "type": "cve"}, {"idList": ["DEBIAN:DLA-1445-1:15231"], "type": "debian"}, {"idList": ["GLSA-201612-04"], "type": "gentoo"}, {"idList": ["PACKETSTORM:153278", "PACKETSTORM:154361"], "type": "packetstorm"}, {"idList": ["OPENVAS:1361412562310843963", "OPENVAS:1361412562310891445"], "type": "openvas"}, {"idList": ["CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74"], "type": "cloudfoundry"}, {"idList": ["USN-3935-1"], "type": "ubuntu"}]}, "score": {"modified": "2019-11-01T02:40:44", "value": 7.6, "vector": "NONE"}}, "hash": "b4eb176789cb96c7b7156f55a930bbb15b306d12833f660134ac8d785106b983", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "47015ddfa4deb4a2896849c48a344b18", "key": "description"}, {"hash": "4ab325cf188c2c277572d7abe412bfd0", "key": "reporter"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "b6254414e87e6916b57db4bbfd54c04d", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": 
"https://www.tenable.com/plugins/nessus/95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2019-11-01T02:40:44", "modified": "2019-11-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 6}, "differentElements": ["modified"], "edition": 12, "lastseen": "2019-11-01T02:40:44"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 5.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 4, "hash": "5320e85fac0c595f1b96ec457fc36e844b2bcea9e0f4ba6f34d712010a1547f3", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "f14d86500b340525838e4f7dcece45db", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2017-02-21T19:02:02", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# 
license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2017-02-21T19:02:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "550fa84bbefbc4620b7b3f380442be657a6c5e25eb0ddb43e17a6e12e6ce8a25", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2018-08-30T19:36:23", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the 
Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 4}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2018-08-30T19:36:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04 (BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the remote code execution vulnerability can be avoided if you don’t use BusyBox’s udhcpc or build the package without the “ipv6” USE flag enabled.", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-02-21T01:28:37", "references": [{"idList": ["CVE-2016-2147", "CVE-2016-2148"], "type": "cve"}, {"idList": ["DEBIAN:DLA-1445-1:15231"], "type": "debian"}, {"idList": ["GLSA-201612-04"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310843963", "OPENVAS:1361412562310891445"], "type": "openvas"}, {"idList": ["CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74"], "type": "cloudfoundry"}, {"idList": ["USN-3935-1"], "type": "ubuntu"}, {"idList": ["PACKETSTORM:153278"], "type": "packetstorm"}]}, "score": {"modified": "2019-02-21T01:28:37", "value": 7.5, "vector": "NONE"}}, "hash": "35f9b36654b53f1d488d9f347f83efe0e35be22ff5c81c6a4777604b8bcb4f69", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "7565f612f72abcf2c0cdd09cd5df5785", "key": "modified"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b44d52b127ad50bb6d5801eec2632736", "key": "href"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "df0a39dc2b2967fafafe1a0f74061741", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": 
"2019-02-21T01:28:37", "modified": "2017-02-21T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 5}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 10, "lastseen": "2019-02-21T01:28:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "cvelist": ["CVE-2016-2147", "CVE-2016-2148"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.", "edition": 11, "enchantments": {"dependencies": {"modified": "2019-10-28T20:24:18", "references": [{"idList": ["UBUNTU_USN-3935-1.NASL"], "type": "nessus"}, {"idList": ["CVE-2016-2147", "CVE-2016-2148"], "type": "cve"}, {"idList": ["DEBIAN:DLA-1445-1:15231"], "type": "debian"}, {"idList": ["GLSA-201612-04"], "type": "gentoo"}, {"idList": ["PACKETSTORM:153278", "PACKETSTORM:154361"], "type": "packetstorm"}, {"idList": ["OPENVAS:1361412562310843963", "OPENVAS:1361412562310891445"], "type": "openvas"}, {"idList": ["CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74"], "type": "cloudfoundry"}, {"idList": ["USN-3935-1"], "type": "ubuntu"}]}, "score": {"modified": "2019-10-28T20:24:18", "value": 7.6, "vector": "NONE"}}, "hash": "da5c88a153a2f2ef205549da72f5bbb5b7eacdcb4a22b5d1bb18c3e219d8b667", "hashmap": [{"hash": "95885e8234b3f20050e3e8eb8d9f2bb9", "key": "cvelist"}, {"hash": "ea981749286a23fef67d13f8c0217626", "key": "references"}, {"hash": "47015ddfa4deb4a2896849c48a344b18", "key": "description"}, {"hash": "4ab325cf188c2c277572d7abe412bfd0", "key": "reporter"}, {"hash": "2226cb6a873807f1c70e28d9db1cb90a", "key": "title"}, {"hash": "b6254414e87e6916b57db4bbfd54c04d", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "f5d52a762ea3014355f69f04aee37d52", "key": "published"}, {"hash": "486a33e7025603b916fa686abeaf103d", "key": "sourceData"}, {"hash": "feadb0d54b2aa8df062c20746250dd20", "key": "pluginID"}, {"hash": "48258be48885b7dcce542bdcd3262de9", "key": "cpe"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": 
"https://www.tenable.com/plugins/nessus/95519", "id": "GENTOO_GLSA-201612-04.NASL", "lastseen": "2019-10-28T20:24:18", "modified": "2019-10-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "95519", "published": "2016-12-05T00:00:00", "references": ["https://security.gentoo.org/glsa/201612-04"], "reporter": "This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "title": "GLSA-201612-04 : BusyBox: Multiple vulnerabilities", "type": "nessus", "viewCount": 5}, "differentElements": ["modified"], "edition": 11, "lastseen": "2019-10-28T20:24:18"}], "edition": 13, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "48258be48885b7dcce542bdcd3262de9"}, {"key": "cvelist", "hash": "95885e8234b3f20050e3e8eb8d9f2bb9"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "47015ddfa4deb4a2896849c48a344b18"}, {"key": "href", "hash": "b6254414e87e6916b57db4bbfd54c04d"}, {"key": "modified", "hash": "5a7504dfe859a7ccbaf560628f6442ad"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "feadb0d54b2aa8df062c20746250dd20"}, {"key": "published", "hash": "f5d52a762ea3014355f69f04aee37d52"}, {"key": "references", "hash": "ea981749286a23fef67d13f8c0217626"}, {"key": "reporter", "hash": "4ab325cf188c2c277572d7abe412bfd0"}, {"key": "sourceData", "hash": "486a33e7025603b916fa686abeaf103d"}, {"key": "title", "hash": "2226cb6a873807f1c70e28d9db1cb90a"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "6037eb3c8abb75a8145cabd681aa8fe7e21e4cb54d3ceefe3f2a347595adf20c", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-2148", "CVE-2016-2147"]}, {"type": "gentoo", "idList": ["GLSA-201612-04"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74"]}, {"type": "ubuntu", "idList": ["USN-3935-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891445", "OPENVAS:1361412562310843963"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1445-1:15231"]}, {"type": "nessus", "idList": 
["UBUNTU_USN-3935-1.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154361", "PACKETSTORM:153278"]}], "modified": "2019-12-13T07:33:58"}, "score": {"value": 7.6, "vector": "NONE", "modified": "2019-12-13T07:33:58"}, "vulnersScore": 7.6}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-04.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95519);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2017/02/21 14:37:42 $\");\n\n script_cve_id(\"CVE-2016-2147\", \"CVE-2016-2148\");\n script_xref(name:\"GLSA\", value:\"201612-04\");\n\n script_name(english:\"GLSA-201612-04 : BusyBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-04\n(BusyBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in BusyBox. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time. 
However, on Gentoo, the\n remote code execution vulnerability can be avoided if you don’t use\n BusyBox’s udhcpc or build the package without the “ipv6” USE flag\n enabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BusyBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/busybox\", unaffected:make_list(\"ge 1.24.2\"), vulnerable:make_list(\"lt 1.24.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BusyBox\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "95519", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:busybox"], "scheme": null}
{"cve": [{"lastseen": "2019-09-05T11:38:24", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.", "modified": "2019-06-13T21:29:00", "id": "CVE-2016-2148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2148", "published": "2017-02-09T15:59:00", "title": "CVE-2016-2148", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-05T11:38:24", "bulletinFamily": "NVD", "description": "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.", "modified": "2019-06-13T21:29:00", "id": "CVE-2016-2147", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2147", "published": "2017-02-09T15:59:00", "title": "CVE-2016-2147", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-12-04T08:54:17", "bulletinFamily": "unix", "description": "### Background\n\nBusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. \n\n### Description\n\nMultiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time. However, on Gentoo, the remote code execution vulnerability can be avoided if you don\u2019t use BusyBox\u2019s udhcpc or build the package without the \u201cipv6\u201d USE flag enabled. 
\n\n### Resolution\n\nAll BusyBox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/busybox-1.24.2\"", "modified": "2016-12-04T00:00:00", "published": "2016-12-04T00:00:00", "href": "https://security.gentoo.org/glsa/201612-04", "id": "GLSA-201612-04", "type": "gentoo", "title": "BusyBox: Multiple vulnerabilities", "cvss": {"score": 5.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:35", "bulletinFamily": "unix", "description": "Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause BusyBox to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain malformed domain names. A remote attacker could possibly use this issue to cause the DHCP client to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain 6RD options. A remote attacker could use this issue to cause the DHCP client to crash, leading to a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2 archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, a remote attacker could cause BusyBox to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled certain responses. A remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled certain memory operations. A remote attacker could possibly use this issue to access sensitive information. (CVE-2018-20679, CVE-2019-5747)", "modified": "2019-04-03T00:00:00", "published": "2019-04-03T00:00:00", "id": "USN-3935-1", "href": "https://usn.ubuntu.com/3935-1/", "title": "BusyBox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:40", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nTyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. 
(CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP archives. If a user or automated system were tricked into processing a specially crafted ZIP archive, a remote attacker could cause BusyBox to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain malformed domain names. A remote attacker could possibly use this issue to cause the DHCP client to crash, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled certain 6RD options. A remote attacker could use this issue to cause the DHCP client to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2 archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, a remote attacker could cause BusyBox to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled certain responses. 
A remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled certain memory operations. A remote attacker could possibly use this issue to access sensitive information. (CVE-2018-20679, CVE-2019-5747)\n\nCVEs contained in this USN include: CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517, CVE-2018-20679, CVE-2019-5747\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.96\n * 3541.x versions prior to 3541.93\n * 3468.x versions prior to 3468.109\n * 3445.x versions prior to 3445.107\n * 3421.x versions prior to 3421.124\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.9\n * 97.x versions prior to 97.74\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.278.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.76.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.96\n * Upgrade 3541.x versions to 3541.93\n * Upgrade 3468.x versions to 3468.109\n * Upgrade 3445.x versions to 3445.107\n * Upgrade 3421.x versions to 3421.124\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.9\n * Upgrade 97.x versions to 97.74\n * All other stemcells should be upgraded to the latest 
version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.278.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.76.0 or later.\n\n# References\n\n * [USN-3935-1](<https://usn.ubuntu.com/3935-1>)\n * [CVE-2011-5325](<https://people.canonical.com/~ubuntu-security/cve/CVE-2011-5325>)\n * [CVE-2014-9645](<https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9645>)\n * [CVE-2015-9261](<https://people.canonical.com/~ubuntu-security/cve/CVE-2015-9261>)\n * [CVE-2016-2147](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2147>)\n * [CVE-2016-2148](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2148>)\n * [CVE-2017-15873](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-15873>)\n * [CVE-2017-16544](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16544>)\n * [CVE-2018-1000517](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000517>)\n * [CVE-2018-20679](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20679>)\n * [CVE-2019-5747](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5747>)\n", "modified": "2019-04-12T00:00:00", "published": "2019-04-12T00:00:00", "id": "CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74", "href": "https://www.cloudfoundry.org/blog/usn-3935-1/", "title": "USN-3935-1: BusyBox vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "scanner", "description": "Busybox, utility programs for small and embedded systems, was affected\nby several security vulnerabilities. The Common Vulnerabilities and\nExposures project identifies the following issues.\n\nCVE-2011-5325\n\nA path traversal vulnerability was found in Busybox implementation\nof tar. 
tar will extract a symlink that points outside of the\ncurrent working directory and then follow that symlink when\nextracting other files. This allows for a directory traversal\nattack when extracting untrusted tarballs.\n\nCVE-2013-1813\n\nWhen device node or symlink in /dev should be created inside\n2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate\ndirectories are created with incorrect permissions.\n\nCVE-2014-4607\n\nAn integer overflow may occur when processing any variant of a\n", "modified": "2019-03-18T00:00:00", "published": "2018-07-27T00:00:00", "id": "OPENVAS:1361412562310891445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891445", "title": "Debian LTS Advisory ([SECURITY] [DLA 1445-1] busybox security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1445.nasl 14270 2019-03-18 14:24:29Z cfischer $\n#\n# Auto-generated from advisory DLA 1445-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891445\");\n script_version(\"$Revision: 14270 $\");\n script_cve_id(\"CVE-2011-5325\", \"CVE-2013-1813\", \"CVE-2014-4607\", \"CVE-2014-9645\", \"CVE-2015-9261\",\n \"CVE-2015-9621\", \"CVE-2016-2147\", \"CVE-2016-2148\", \"CVE-2017-15873\", \"CVE-2017-16544\",\n \"CVE-2018-1000517\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1445-1] busybox security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:24:29 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-27 00:00:00 +0200 (Fri, 27 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"busybox on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:1.22.0-9+deb8u2.\n\nWe recommend that you upgrade your busybox packages.\");\n script_tag(name:\"summary\", value:\"Busybox, utility programs for 
small and embedded systems, was affected\nby several security vulnerabilities. The Common Vulnerabilities and\nExposures project identifies the following issues.\n\nCVE-2011-5325\n\nA path traversal vulnerability was found in Busybox implementation\nof tar. tar will extract a symlink that points outside of the\ncurrent working directory and then follow that symlink when\nextracting other files. This allows for a directory traversal\nattack when extracting untrusted tarballs.\n\nCVE-2013-1813\n\nWhen device node or symlink in /dev should be created inside\n2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate\ndirectories are created with incorrect permissions.\n\nCVE-2014-4607\n\nAn integer overflow may occur when processing any variant of a\n'literal run' in the lzo1x_decompress_safe function. Each of these\nthree locations is subject to an integer overflow when processing\nzero bytes. This exposes the code that copies literals to memory\ncorruption.\n\nCVE-2014-9645\n\nThe add_probe function in modutils/modprobe.c in BusyBox allows\nlocal users to bypass intended restrictions on loading kernel\nmodules via a / (slash) character in a module name, as demonstrated\nby an 'ifconfig /usbserial up' command or a 'mount -t /snd_pcm none\n/' command.\n\nCVE-2016-2147\n\nInteger overflow in the DHCP client (udhcpc) in BusyBox allows\nremote attackers to cause a denial of service (crash) via a\nmalformed RFC1035-encoded domain name, which triggers an\nout-of-bounds heap write.\n\nCVE-2016-2148\n\nHeap-based buffer overflow in the DHCP client (udhcpc) in BusyBox\nallows remote attackers to have unspecified impact via vectors\ninvolving OPTION_6RD parsing.\n\nCVE-2017-15873\n\nThe get_next_block function in archival/libarchive\n/decompress_bunzip2.c in BusyBox has an Integer Overflow that may\nlead to a write access violation.\n\nCVE-2017-16544\n\nIn the add_match function in libbb/lineedit.c in BusyBox, the tab\nautocomplete feature of the shell, used to get a 
list of filenames\nin a directory, does not sanitize filenames and results in executing\nany escape sequence in the terminal. This could potentially result\nin code execution, arbitrary file writes, or other attacks.\n\nCVE-2018-1000517\n\nBusyBox contains a Buffer Overflow vulnerability in\nBusybox wget that can result in a heap-based buffer overflow.\nThis attack appears to be exploitable via network connectivity.\n\nCVE-2015-9621\n\nUnzipping a specially crafted zip file results in a computation of an\ninvalid pointer and a crash reading an invalid address.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"busybox-syslogd\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.22.0-9+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-04-26T00:00:00", "published": "2019-04-04T00:00:00", "id": "OPENVAS:1361412562310843963", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843963", "title": "Ubuntu Update for busybox USN-3935-1", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843963\");\n script_version(\"2019-04-26T08:24:31+0000\");\n script_cve_id(\"CVE-2011-5325\", \"CVE-2014-9645\", \"CVE-2015-9261\", \"CVE-2016-2147\",\n \"CVE-2016-2148\", \"CVE-2017-15873\", \"CVE-2017-16544\", \"CVE-2018-1000517\",\n \"CVE-2018-20679\", \"CVE-2019-5747\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-26 08:24:31 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-04 02:03:26 +0000 (Thu, 04 Apr 2019)\");\n script_name(\"Ubuntu Update for busybox USN-3935-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU14\\.04 LTS|UBUNTU18\\.04 LTS|UBUNTU18\\.10|UBUNTU16\\.04 LTS)\");\n\n 
script_xref(name:\"USN\", value:\"3935-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3935-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'busybox'\n package(s) announced via the USN-3935-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar\narchives. If a user or automated system were tricked into processing a\nspecially crafted tar archive, a remote attacker could overwrite arbitrary\nfiles outside of the current directory. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel module\nloading restrictions. A local attacker could possibly use this issue to\nbypass intended restrictions. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP archives. If\na user or automated system were tricked into processing a specially crafted\nZIP archive, a remote attacker could cause BusyBox to crash, leading to a\ndenial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain malformed domain names. A remote attacker could possibly use this\nissue to cause the DHCP client to crash, leading to a denial of service.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain 6RD options. A remote attacker could use this issue to cause the\nDHCP client to crash, leading to a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. 
(CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2 archives.\nIf a user or automated system were tricked into processing a specially\ncrafted bzip2 archive, a remote attacker could cause BusyBox to crash,\nleading to a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A local\nattacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled certain\nresponses. A remote attacker could use this issue to cause BusyBox to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled\ncertain memory operations. A remote attacker could possibly use this issue\nto access sensitive information. 
(CVE-2018-20679, CVE-2019-5747)\");\n\n script_tag(name:\"affected\", value:\"'busybox' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU14.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.21.0-1ubuntu1.4\", rls:\"UBUNTU14.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", 
ver:\"1:1.27.2-2ubuntu3.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.27.2-2ubuntu4.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-initramfs\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"busybox-static\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpc\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"udhcpd\", ver:\"1:1.22.0-15ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:57", "bulletinFamily": "unix", "description": "Package : busybox\nVersion : 
1:1.22.0-9+deb8u2\nCVE ID : CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147\n CVE-2016-2148 CVE-2017-15873 CVE-2017-16544\n CVE-2018-1000517\nDebian Bug : 902724 882258 879732 818497 818499 803097 802702\n\nBusybox, utility programs for small and embedded systems, was affected\nby several security vulnerabilities. The Common Vulnerabilities and\nExposures project identifies the following issues.\n\nCVE-2011-5325\n\n A path traversal vulnerability was found in Busybox implementation\n of tar. tar will extract a symlink that points outside of the\n current working directory and then follow that symlink when\n extracting other files. This allows for a directory traversal\n attack when extracting untrusted tarballs.\n\nCVE-2013-1813\n\n When device node or symlink in /dev should be created inside\n 2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate\n directories are created with incorrect permissions.\n\nCVE-2014-4607\n\n An integer overflow may occur when processing any variant of a\n "literal run" in the lzo1x_decompress_safe function. Each of these\n three locations is subject to an integer overflow when processing\n zero bytes. 
This exposes the code that copies literals to memory\n corruption.\n\nCVE-2014-9645\n\n The add_probe function in modutils/modprobe.c in BusyBox allows\n local users to bypass intended restrictions on loading kernel\n modules via a / (slash) character in a module name, as demonstrated\n by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none\n /" command.\n\nCVE-2016-2147\n\n Integer overflow in the DHCP client (udhcpc) in BusyBox allows\n remote attackers to cause a denial of service (crash) via a\n malformed RFC1035-encoded domain name, which triggers an\n out-of-bounds heap write.\n\nCVE-2016-2148\n\n Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox\n allows remote attackers to have unspecified impact via vectors\n involving OPTION_6RD parsing.\n\nCVE-2017-15873\n\n The get_next_block function in archival/libarchive\n /decompress_bunzip2.c in BusyBox has an Integer Overflow that may\n lead to a write access violation.\n\nCVE-2017-16544\n\n In the add_match function in libbb/lineedit.c in BusyBox, the tab\n autocomplete feature of the shell, used to get a list of filenames\n in a directory, does not sanitize filenames and results in executing\n any escape sequence in the terminal. 
This could potentially result\n in code execution, arbitrary file writes, or other attacks.\n\nCVE-2018-1000517\n\n BusyBox contains a Buffer Overflow vulnerability in\n Busybox wget that can result in a heap-based buffer overflow.\n This attack appears to be exploitable via network connectivity.\n\nCVE-2015-9261\n\n Unzipping a specially crafted zip file results in a computation of an\n invalid pointer and a crash reading an invalid address.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:1.22.0-9+deb8u2.\n\nWe recommend that you upgrade your busybox packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2018-07-27T04:40:00", "published": "2018-07-27T04:40:00", "id": "DEBIAN:DLA-1445-1:15231", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00037.html", "title": "[SECURITY] [DLA 1445-1] busybox security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-12-13T09:53:49", "bulletinFamily": "scanner", "description": "Tyler Hicks discovered that BusyBox incorrectly handled symlinks\ninside tar archives. If a user or automated system were tricked into\nprocessing a specially crafted tar archive, a remote attacker could\noverwrite arbitrary files outside of the current directory. This issue\nonly affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel\nmodule loading restrictions. A local attacker could possibly use this\nissue to bypass intended restrictions. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP\narchives. 
If a user or automated system were tricked into processing a\nspecially crafted ZIP archive, a remote attacker could cause BusyBox\nto crash, leading to a denial of service. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain malformed domain names. A remote attacker could possibly use\nthis issue to cause the DHCP client to crash, leading to a denial of\nservice. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. (CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain 6RD options. A remote attacker could use this issue to cause\nthe DHCP client to crash, leading to a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2\narchives. If a user or automated system were tricked into processing a\nspecially crafted bzip2 archive, a remote attacker could cause BusyBox\nto crash, leading to a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A\nlocal attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled\ncertain responses. A remote attacker could use this issue to cause\nBusyBox to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled\ncertain memory operations. A remote attacker could possibly use this\nissue to access sensitive information. 
(CVE-2018-20679, CVE-2019-5747).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-3935-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123751", "published": "2019-04-04T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : busybox vulnerabilities (USN-3935-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3935-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123751);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/18 12:31:49\");\n\n script_cve_id(\"CVE-2011-5325\", \"CVE-2014-9645\", \"CVE-2015-9261\", \"CVE-2016-2147\", \"CVE-2016-2148\", \"CVE-2017-15873\", \"CVE-2017-16544\", \"CVE-2018-1000517\", \"CVE-2018-20679\", \"CVE-2019-5747\");\n script_xref(name:\"USN\", value:\"3935-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : busybox vulnerabilities (USN-3935-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tyler Hicks discovered that BusyBox incorrectly handled symlinks\ninside tar archives. If a user or automated system were tricked into\nprocessing a specially crafted tar archive, a remote attacker could\noverwrite arbitrary files outside of the current directory. 
This issue\nonly affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)\n\nMathias Krause discovered that BusyBox incorrectly handled kernel\nmodule loading restrictions. A local attacker could possibly use this\nissue to bypass intended restrictions. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-9645)\n\nIt was discovered that BusyBox incorrectly handled certain ZIP\narchives. If a user or automated system were tricked into processing a\nspecially crafted ZIP archive, a remote attacker could cause BusyBox\nto crash, leading to a denial of service. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2015-9261)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain malformed domain names. A remote attacker could possibly use\nthis issue to cause the DHCP client to crash, leading to a denial of\nservice. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. (CVE-2016-2147)\n\nNico Golde discovered that the BusyBox DHCP client incorrectly handled\ncertain 6RD options. A remote attacker could use this issue to cause\nthe DHCP client to crash, leading to a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-2148)\n\nIt was discovered that BusyBox incorrectly handled certain bzip2\narchives. If a user or automated system were tricked into processing a\nspecially crafted bzip2 archive, a remote attacker could cause BusyBox\nto crash, leading to a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2017-15873)\n\nIt was discovered that BusyBox incorrectly handled tab completion. A\nlocal attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2017-16544)\n\nIt was discovered that the BusyBox wget utility incorrectly handled\ncertain responses. 
A remote attacker could use this issue to cause\nBusyBox to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2018-1000517)\n\nIt was discovered that the BusyBox DHCP utilities incorrectly handled\ncertain memory operations. A remote attacker could possibly use this\nissue to access sensitive information. (CVE-2018-20679, CVE-2019-5747).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3935-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:busybox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:busybox-initramfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:busybox-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:udhcpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:udhcpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"busybox\", pkgver:\"1:1.21.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"busybox-initramfs\", pkgver:\"1:1.21.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"busybox-static\", pkgver:\"1:1.21.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"udhcpc\", pkgver:\"1:1.21.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"udhcpd\", pkgver:\"1:1.21.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"busybox\", pkgver:\"1:1.22.0-15ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"busybox-initramfs\", pkgver:\"1:1.22.0-15ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"busybox-static\", pkgver:\"1:1.22.0-15ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"udhcpc\", pkgver:\"1:1.22.0-15ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"udhcpd\", pkgver:\"1:1.22.0-15ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"busybox\", pkgver:\"1:1.27.2-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"busybox-initramfs\", pkgver:\"1:1.27.2-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"busybox-static\", pkgver:\"1:1.27.2-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"udhcpc\", pkgver:\"1:1.27.2-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"udhcpd\", pkgver:\"1:1.27.2-2ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"busybox\", pkgver:\"1:1.27.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"busybox-initramfs\", pkgver:\"1:1.27.2-2ubuntu4.1\")) flag++;\nif 
(ubuntu_check(osver:\"18.10\", pkgname:\"busybox-static\", pkgver:\"1:1.27.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"udhcpc\", pkgver:\"1:1.27.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"udhcpd\", pkgver:\"1:1.27.2-2ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"busybox / busybox-initramfs / busybox-static / udhcpc / udhcpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2019-09-05T23:02:41", "bulletinFamily": "exploit", "description": "", "modified": "2019-09-04T00:00:00", "published": "2019-09-04T00:00:00", "id": "PACKETSTORM:154361", "href": "https://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "title": "Cisco Device Hardcoded Credentials / GNU glibc / BusyBox", "type": "packetstorm", "sourceData": "`SEC Consult Vulnerability Lab Security Advisory < 20190904-0 > \n======================================================================= \ntitle: Multiple vulnerabilities \nproduct: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, \nCisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, \nCisco 160W \nvulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15 \nfixed version: see \"Solution\" \nCVE number: - \nimpact: High \nhomepage: https://www.cisco.com/ \nfound: 2019-05-15 \nby: T. Weber, S. 
Viehb\u00f6ck (Office Vienna) \nIoT Inspector \nSEC Consult Vulnerability Lab \n \nAn integrated part of SEC Consult \nEurope | Asia | North America \n \nhttps://www.sec-consult.com \n \n======================================================================= \n \nVendor description: \n------------------- \n\"Securely connecting your small business to the outside world is as important \nas connecting your internal network devices to one another. Cisco Small \nBusiness RV Series Routers offer virtual private networking (VPN) technology \nso your remote workers can connect to your network through a secure Internet \npathway.\" \n \nSource: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html \n \n \nBusiness recommendation: \n------------------------ \nWe want to thank Cisco for the very quick and professional response and great \ncoordination. Customers are urged to update the firmware of their devices. \n \n \nVulnerability overview/description: \n----------------------------------- \n1) Hardcoded Credentials \nThe device contains hardcoded users and passwords which can be used to login \nvia SSH on an emulated device at least. \n \nDuring the communication with Cisco it turned out that: \n\"Accounts like the 'debug-admin' and 'root' can not be accessed \nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for \nmalicious actions. \n \n2) Known GNU glibc Vulnerabilities \nThe used GNU glibc in version 2.19 is outdated and contains multiple known \nvulnerabilities. The outdated version was found by IoT Inspector. One of \nthe discovered vulnerabilities (CVE-2015-7547, \"getaddrinfo() buffer overflow\") \nwas verified by using the MEDUSA scalable firmware runtime. \n \n3) Known BusyBox Vulnerabilities \nThe used BusyBox toolkit in version 1.23.2 is outdated and contains multiple \nknown vulnerabilities. The outdated version was found by IoT Inspector. 
\nOne of the discovered vulnerabilities (CVE-2017-16544) was verified by using \nthe MEDUSA scaleable firmware runtime. \n \n \n4) Multiple Vulnerabilities - IoT Inspector Report \nFurther information can be found in IoT Inspector report: \nhttps://r.sec-consult.com/ciscoiot \n \n \nProof of concept: \n----------------- \n1) Hardcoded Credentials \nThe following hardcoded hashes were found in the 'shadow' file of the firmware: \nroot:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7::: \ndebug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7::: \n[...] \n \nThe undocumented user 'debug-admin' is also contained in this file. \n \nStarting the dropbear daemon as background process on emulated firmware: \n------------------------------------------------------------------------------- \n# dropbear -E \n# [1109] <timestamp> Running in background \n# \n# [1112] <timestamp> Child connection from <IP>:52718 \n[1112] <timestamp> /var must be owned by user or root, and not writable by others \n[1112] <timestamp> Password auth succeeded for 'debug-admin' from <IP>:52718 \n------------------------------------------------------------------------------- \n \nLog on via another host connected to the same network. For this PoC the \npassword of the debug-admin was changed in the 'shadow' file. \n------------------------------------------------------------------------------- \n[root@localhost medusa]# ssh debug-admin@<IP> /bin/ash -i \ndebug-admin@<IP>'s password: \n/bin/ash: can't access tty; job control turned off \n \n \nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash) \n \n/tmp $ \n------------------------------------------------------------------------------- \n \nThe 'debug-admin' user has the same privileges like 'root'. This can be \ndetermined from the corresponding sudoers file in the firmware: \n[...] 
\n## User privilege specification \n## \nroot ALL=(ALL) ALL \ndebug-admin ALL=(ALL) ALL \n \n## Uncomment to allow members of group wheel to execute any command \n# %wheel ALL=(ALL) ALL \n[...] \n \nDuring the communication with Cisco it turned out that: \n\"Accounts like the 'debug-admin' and 'root' can not be accessed \nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for \nmalicious actions. \n \n2) Known GNU glibc Vulnerabilities \nGNU glibc version 2.19 contains multiple CVEs like: \nCVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, \nCVE-2015-5277, CVE-2015-8778, CVE-2015-8779, CVE-2017-1000366 and more. \n \nThe getaddrinfo() buffer overflow vulnerability was checked with the help of \nthe exploit code from https://github.com/fjserna/CVE-2015-7547. It was compiled \nand executed on the emulated device to test the system. \n \n# python cve-2015-7547-poc.py & \n[1] 961 \n# chroot /medusa_rootfs/ bin/ash \n \n \nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash) \n \n# gdb cve-2015-7547_glibc_getaddrinfo \n[...] \n[UDP] Total Data len recv 36 \n[UDP] Total Data len recv 36 \nConnected with 127.0.0.1:41782 \n[TCP] Total Data len recv 76 \n[TCP] Request1 len recv 36 \n[TCP] Request2 len recv 36 \nCannot access memory at address 0x4 \n \nProgram received signal SIGSEGV, Segmentation fault. \n0x76f1fd58 in ?? () from /lib/libc.so.6 \n(gdb) \n \nReferences: \nhttps://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html \nhttps://github.com/fjserna/CVE-2015-7547 \n \n \n3) Known BusyBox Vulnerabilities \nBusyBox version 1.23.2 contains multiple CVEs like: \nCVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679, \nCVE-2017-16544 and CVE-2019-5747. 
\nThe BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on \nan emulated device: \n \nA file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created to trigger the \nvulnerability. \n------------------------------------------------------------------------------- \n# ls \"pressing <TAB>\" \ntest \n]55;test.txt \n# \n------------------------------------------------------------------------------- \n \n4) Multiple Vulnerabilities - IoT Inspector Report \nFurther information can be found in IoT Inspector report: \nhttps://r.sec-consult.com/ciscoiot \n \nThe summary is below: \nIoT Inspector Vulnerability #1 BusyBox CVE entries \nOutdated BusyBox version is affected by 7 published CVEs. \n \nIoT Inspector Vulnerability #2 curl CVE entries \nOutdated curl version is affected by 35 published CVEs. \n \nIoT Inspector Vulnerability #3 GNU glibc CVE entries \nOutdated GNU glibc version is affected by 44 published CVEs. \n \nIoT Inspector Vulnerability #4 GNU glibc getaddrinfo() buffer overflow \nOutdated GNU glibc version is affected by CVE-2015-7547. \n \nIoT Inspector Vulnerability #5 Hardcoded password hashes \nFirmware contains multiple hardcoded credentials. \n \nIoT Inspector Vulnerability #6 Linux Kernel CVE entries \nOutdated Linux Kernel version affected by 512 published CVEs. \n \nIoT Inspector Vulnerability #7 MiniUPnPd CVE entries \nOutdated MiniUPnPd version affected by 2 published CVEs. \n \nIoT Inspector Vulnerability #8 Dnsmasq CVE entries \nOutdated MiniUPnPd version affected by 1 published CVE. \n \nIoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation \u201cpp_key\u201d \nOutdated Linux Kernel version is affected by CVE-2015-7547. \n \nIoT Inspector Vulnerability #10 OpenSSL CVE entries \nOutdated OpenSSL version affected by 6 published CVEs. 
\n \n \nVulnerable / tested versions: \n----------------------------- \nThe following firmware versions have been tested with IoT Inspector and \nfirmware emulation techniques: \nCisco RV340 / 1.0.02.16 \nCisco RV340W / 1.0.02.16 \nCisco RV345 / 1.0.02.16 \nCisco RV345P / 1.0.02.16 \nThe following firmware versions have been tested with IoT Inspector only: \nCisco RV260 / 1.0.00.15 \nCisco RV260P / 1.0.00.15 \nCisco RV260W / 1.0.00.15 \nCisco RV160 / 1.0.00.15 \nCisco RV160P / 1.0.00.15 \n \nThe firmware was obtained from the vendor website: \nhttps://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16 \nhttps://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15 \n \n \nVendor contact timeline: \n------------------------ \n2019-05-15: Contacting vendor through psirt@cisco.com. \n2019-05-16: Vendor confirmed the receipt. \n2019-05-2019-08: Periodic updates about the investigation from the vendor. \nClarification which of the reported issues will be fixed. \n2019-08-20: The vendor proposed the next possible publication date for the \nadvisory for 2019-09-04. The vendor added the RV160 and RV260 \nrouter series to be vulnerable to the same issues too. \n2019-09-04: Coordinated advisory release. \n \n \nSolution: \n--------- \nUpgrade to the newest available firmware version. \n \nAdditionally, the vendor provides the following security notice: \nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter \n \n \nWorkaround: \n----------- \nNone. \n \n \nAdvisory URL: \n------------- \nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html \n \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nSEC Consult Vulnerability Lab \n \nSEC Consult \nEurope | Asia | North America \n \nAbout SEC Consult Vulnerability Lab \nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. 
It \nensures the continued knowledge gain of SEC Consult in the field of network \nand application security to stay ahead of the attacker. The SEC Consult \nVulnerability Lab supports high-quality penetration testing and the evaluation \nof new offensive and defensive technologies for our customers. Hence our \ncustomers obtain the most current information about vulnerabilities and valid \nrecommendation about the risk profile of new technologies. \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \nInterested to work with the experts of SEC Consult? \nSend us your application https://www.sec-consult.com/en/career/index.html \n \nInterested in improving your cyber security with the experts of SEC Consult? \nContact our local offices https://www.sec-consult.com/en/contact/index.html \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nMail: research at sec-consult dot com \nWeb: https://www.sec-consult.com \nBlog: http://blog.sec-consult.com \nTwitter: https://twitter.com/sec_consult \n \nEOF T. 
Weber / @2019 \n \n`\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/154361/SA-20190904-0.txt"}, {"lastseen": "2019-06-17T03:59:51", "bulletinFamily": "exploit", "description": "", "modified": "2019-06-13T00:00:00", "published": "2019-06-13T00:00:00", "id": "PACKETSTORM:153278", "href": "https://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "title": "WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials", "type": "packetstorm", "sourceData": "`SEC Consult Vulnerability Lab Security Advisory < 20190612-0 > \n======================================================================= \ntitle: Multiple vulnerabilities \nproduct: WAGO 852 Industrial Managed Switch Series \nvulnerable version: 852-303: <v1.2.2.S0 \n852-1305: <v1.1.6.S0 \n852-1505: <v1.1.5.S0 \nfixed version: 852-303: v1.2.2.S0 \n852-1305: v1.1.6.S0 \n852-1505: v1.1.5.S0 \nCVE number: CVE-2019-12550, CVE-2019-12549 \nimpact: high \nhomepage: https://www.wago.com \nfound: 2019-03-08 \nby: T. Weber (Office Vienna) \nIoT Inspector \nSEC Consult Vulnerability Lab \n \nAn integrated part of SEC Consult \nEurope | Asia | North America \n \nhttps://www.sec-consult.com \n \n======================================================================= \n \nVendor description: \n------------------- \n\"New ideas are the driving force behind our success WAGO is a family-owned \ncompany headquartered in Minden, Germany. Independently operating for three \ngenerations, WAGO is the global leader of spring pressure electrical \ninterconnect and automation solutions. For more than 60 years, WAGO has \ndeveloped and produced innovative products for packaging, transportation, \nprocess, industrial and building automation markets amongst others. 
Aside from \nits innovations in spring pressure connection technology, WAGO has introduced \nnumerous innovations that have revolutionized industry. Further ground-breaking \ninventions include: the WAGO-I/O-SYSTEM\u00ae, TOPJOB S\u00ae and WALL-NUTS\u00ae.\" \n \nSource: http://www.wago.us/wago/ \n \n \n \nBusiness recommendation: \n------------------------ \nSEC Consult recommends to immediately apply the available patches \nfrom the vendor. A thorough security review should be performed by \nsecurity professionals to identify further potential security issues. \n \n \nVulnerability overview/description: \n----------------------------------- \nThe industrial managed switch series 852 from WAGO is affected by multiple \nvulnerabilities such as old software components embedded in the firmware. \nFurthermore, hardcoded password hashes and credentials were also found by doing \nan automated scan with IoT Inspector. Two vulnerabilities (CVE-2017-16544 and \nCVE-2015-0235) were verified by emulating the device with the MEDUSA scaleable \nfirmware runtime. The validity of the password hashes and the embedded keys were \nalso verified by emulating the device. \n \n \n1) Known BusyBox Vulnerabilities \nThe used BusyBox toolkit in version 1.12.0 is outdated and contains multiple \nknown vulnerabilities. The outdated version was found by IoT Inspector. \nOne of the discovered vulnerabilities (CVE-2017-16544) was verified by using \nthe MEDUSA scaleable firmware runtime. \n \n2) Known GNU glibc Vulnerabilities \nThe used GNU glibc in version 2.8 is outdated and contains multiple known \nvulnerabilities. The outdated version was found by IoT Inspector. One of \nthe discovered vulnerabilities (CVE-2015-0235, \"GHOST\") was verified by \nusing the MEDUSA scaleable firmware runtime. \n \n3) Hardcoded Credentials (CVE-2019-12550) \nThe device contains hardcoded users and passwords which can be used to login \nvia SSH and Telnet. 
\n \n4) Embedded Private Keys (CVE-2019-12549) \nThe device contains hardcoded private keys for the SSH daemon. The fingerprint \nof the SSH host key from the corresponding SSH daemon matches to the embedded \nprivate key. \n \n \nProof of concept: \n----------------- \n1) Known BusyBox Vulnerabilities \nBusyBox version 1.12.0 contains multiple CVEs like: \nCVE-2013-1813, CVE-2016-2148, CVE-2016-6301, CVE-2011-2716, CVE-2011-5325, \nCVE-2015-9261, CVE-2016-2147 and more. \n \nThe BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on \nan emulated device. A file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created \nto trigger the vulnerability. \n \n------------------------------------------------------------------------------- \n# ls \"pressing <TAB>\" \ntest \n]55;test.txt \n# \n------------------------------------------------------------------------------- \n \n \n2) Known GNU glibc Vulnerabilities \nGNU glibc version 2.8 contains multiple CVEs like: \nCVE-2010-0296, CVE-2010-3856, CVE-2012-4412, CVE-2014-4043, CVE-2014-9402, \nCVE-2014-9761, CVE-2014-9984, CVE-2015-1472 and more. \n \nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the help \nof the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was compiled \nand executed on the emulated device to test the system. \n \n \n3) Hardcoded Credentials (CVE-2019-12550) \nThe following credentials were found in the 'passwd' file of the firmware: \n<Password Hash> <Plaintext> <User> \n<removed> <removed> root \nNo password is set for the account [EMPTY PASSWORD] admin \n \nBy using these credentials, it's possible to connect via Telnet and SSH on the \nemulated device. Example for Telnet: \n------------------------------------------------------------------------------- \n[root@localhost ~]# telnet 192.168.0.133 \nTrying 192.168.0.133... \nConnected to 192.168.0.133. \nEscape character is '^]'. 
\n \nL2SWITCH login: root \nPassword: \n~ # \n------------------------------------------------------------------------------- \nExample for SSH: \n------------------------------------------------------------------------------- \n[root@localhost ~]# ssh 192.168.0.133 \nroot@192.168.0.133's password: \n~ # \n------------------------------------------------------------------------------- \n \n \n4) Embedded Private Keys (CVE-2019-12549) \nThe following host key fingerprint is shown by accessing the SSH daemon on \nthe emulated device: \n \n[root@localhost ~]# ssh 192.168.0.133 \nThe authenticity of host '192.168.0.133 (192.168.0.133)' can't be established. \nRSA key fingerprint is SHA256:X5Vr0/x0/j62N/aqZmHz96ojwl8x/I8mfzuT8o6uZso. \nRSA key fingerprint is MD5:2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2. \n \nThis matches the embedded private key (which has been removed from this advisory): \nSSH Fingerprint: 2e:65:85:fc:45:04:bd:68:30:74:51:45:7d:2f:95:e2 \n \n \nVulnerable / tested versions: \n----------------------------- \nAccording to the vendor, the following versions are affected: \n* 852-303: <v1.2.2.S0 \n* 852-1305: <v1.1.6.S0 \n* 852-1505: <v1.1.5.S0 \n \n \nVendor contact timeline: \n------------------------ \n2019-03-12: Contacting VDE CERT through info@cert.vde.com, received confirmation \n2019-03-26: Asking for a status update, VDE CERT is still waiting for details \n2019-03-28: VDE CERT requests information from WAGO again \n2019-04-09: Asking for a status update \n2019-04-11: VDE CERT: patched firmware release planned for end of May, requested \npostponement of advisory release \n2019-04-16: VDE CERT: update regarding affected firmware versions \n2019-04-24: Confirming advisory release for beginning of June \n2019-05-20: Asking for a status update \n2019-05-22: VDE CERT: no news from WAGO yet, 5th June release date \n2019-05-29: Asking for a status update \n2019-05-29: VDE CERT: detailed answer from WAGO, patches will be published \non 7th June, 
SEC Consult proposes new advisory release date for \n12th June \n2019-06-07: VDE CERT provides security advisory information from WAGO; \nWAGO releases security patches \n2019-06-12: Coordinated release of security advisory \n \n \nSolution: \n--------- \nThe vendor provides patches to their customers at their download page. The \nfollowing versions fix the issues: \n* 852-303: v1.2.2.S0 \n* 852-1305: v1.1.6.S0 \n* 852-1505: v1.1.5.S0 \n \nAccording to the vendor, busybox and glibc have been updated and the embedded \nprivate keys are being newly generated upon first boot and after a factory reset. \nThe root login via Telnet and SSH has been disabled and the admin account is \ndocumented and can be changed by the customer. \n \n \n \nWorkaround: \n----------- \nRestrict network access to the device & SSH server. \n \n \nAdvisory URL: \n------------- \nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html \n \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nSEC Consult Vulnerability Lab \n \nSEC Consult \nEurope | Asia | North America \n \nAbout SEC Consult Vulnerability Lab \nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It \nensures the continued knowledge gain of SEC Consult in the field of network \nand application security to stay ahead of the attacker. The SEC Consult \nVulnerability Lab supports high-quality penetration testing and the evaluation \nof new offensive and defensive technologies for our customers. Hence our \ncustomers obtain the most current information about vulnerabilities and valid \nrecommendation about the risk profile of new technologies. \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \nInterested to work with the experts of SEC Consult? \nSend us your application https://www.sec-consult.com/en/career/index.html \n \nInterested in improving your cyber security with the experts of SEC Consult? 
\nContact our local offices https://www.sec-consult.com/en/contact/index.html \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nMail: research at sec-consult dot com \nWeb: https://www.sec-consult.com \nBlog: http://blog.sec-consult.com \nTwitter: https://twitter.com/sec_consult \n \nEOF T. Weber / @2019 \n \n`\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/153278/SA-20190612-0.txt"}]}