Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED-BUSYBOX-RHEL5.NASL
HistoryMay 11, 2024 - 12:00 a.m.

RHEL 5 : busybox (Unpatched Vulnerability)

2024-05-1100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
redhat enterprise linux
unpatched
busybox
heap-based buffer overflow
integer overflow
denial of service
remote attackers
ntp packet
cpu and bandwidth consumption
integer overflow
integer underflow
code execution

8.5 High

AI Score

Confidence

Low

0.088 Low

EPSS

Percentile

94.6%

JSON

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • busybox: heap-based buffer overflow in OPTION_6RD parsing (CVE-2016-2148)

  • Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. (CVE-2016-2147)

  • The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. (CVE-2016-6301)

  • The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. (CVE-2017-15873)

  • archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. (CVE-2017-15874)

  • In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. (CVE-2017-16544)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory busybox. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(195488);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2016-2147",
    "CVE-2016-2148",
    "CVE-2016-6301",
    "CVE-2017-15873",
    "CVE-2017-15874",
    "CVE-2017-16544"
  );

  script_name(english:"RHEL 5 : busybox (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 5 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - busybox: heap-based buffer overflow in OPTION_6RD parsing (CVE-2016-2148)

  - Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a
    denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds
    heap write. (CVE-2016-2147)

  - The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause
    a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a
    communication loop. (CVE-2016-6301)

  - The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer
    Overflow that may lead to a write access violation. (CVE-2017-15873)

  - archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read
    access violation. (CVE-2017-15874)

  - In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of
    the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in
    executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary
    file writes, or other attacks. (CVE-2017-16544)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2148");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:busybox");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '5')) audit(AUDIT_OS_NOT, 'Red Hat 5.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'busybox', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'busybox'}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'busybox');
}
VendorProductVersionCPE
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxbusyboxp-cpe:/a:redhat:enterprise_linux:busybox

Related

gentoo 3
nessus 17
osv 7
packetstorm 8
ubuntu 1
openvas 8
cloudfoundry 1
debian 2
prion 6
nvd 6
cvelist 6
veracode 5
alpinelinux 6
cve 6
redhatcve 4
ubuntucve 6
debiancve 6
archlinux 2
mageia 1
ibm 2
suse 1
vmware 2
zdt 2
ics 2
gentoo
gentoo
BusyBox: Multiple vulnerabilities
2018-03-26 00:00:00
BusyBox: Multiple vulnerabilities
2016-12-04 00:00:00
BusyBox: Denial of service
2017-01-01 00:00:00
nessus
nessus
GLSA-201803-12 : BusyBox: Multiple vulnerabilities
2018-03-27 00:00:00
RHEL 6 : busybox (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 5 : busybox (Unpatched Vulnerability)
2024-06-03 00:00:00
osv
osv
busybox - security update
2021-02-15 00:00:00
busybox - security update
2018-07-27 00:00:00
CVE-2017-15874
2017-10-24 20:29:00
packetstorm
packetstorm
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
2020-08-27 00:00:00
Phoenix Contact TC Router / TC Cloud Client Command Injection
2020-03-14 00:00:00
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
2019-09-04 00:00:00
ubuntu
ubuntu
BusyBox vulnerabilities
2019-04-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3935-1)
2019-04-04 00:00:00
Debian: Security Advisory (DLA-2559-1)
2021-02-16 00:00:00
Debian: Security Advisory (DLA-1445-1)
2018-07-26 00:00:00
cloudfoundry
cloudfoundry
USN-3935-1: BusyBox vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
debian
debian
[SECURITY] [DLA 2559-1] busybox security update
2021-02-15 11:56:52
[SECURITY] [DLA 1445-1] busybox security update
2018-07-27 04:39:37
prion
prion
Integer overflow
2017-10-24 20:29:00
Integer overflow
2017-10-24 20:29:00
Design/Logic Flaw
2017-11-20 15:29:00
nvd
nvd
CVE-2017-15874
2017-10-24 20:29:00
CVE-2017-15873
2017-10-24 20:29:00
CVE-2016-6301
2016-12-09 20:59:01
cvelist
cvelist
CVE-2017-15874
2017-10-24 20:00:00
CVE-2017-15873
2017-10-24 20:00:00
CVE-2017-16544
2017-11-20 15:00:00
veracode
veracode
Arbitrary Code Execution
2020-05-10 23:24:36
Denial Of Serivce (DoS)
2020-05-10 23:28:00
Denial Of Service (DoS)
2020-08-06 21:30:29
alpinelinux
alpinelinux
CVE-2017-16544
2017-11-20 15:29:00
CVE-2017-15874
2017-10-24 20:29:00
CVE-2017-15873
2017-10-24 20:29:00
cve
cve
CVE-2017-15874
2017-10-24 20:29:00
CVE-2017-16544
2017-11-20 15:29:00
CVE-2017-15873
2017-10-24 20:29:00
redhatcve
redhatcve
CVE-2017-15874
2017-11-20 14:20:06
CVE-2017-15873
2017-11-20 12:50:18
CVE-2016-6301
2016-08-03 12:18:19
ubuntucve
ubuntucve
CVE-2017-15874
2017-10-24 00:00:00
CVE-2017-15873
2017-10-24 00:00:00
CVE-2017-16544
2017-11-20 00:00:00
debiancve
debiancve
CVE-2017-15874
2017-10-24 20:29:00
CVE-2017-16544
2017-11-20 15:29:00
CVE-2017-15873
2017-10-24 20:29:00
archlinux
archlinux
[ASA-201803-1] busybox: arbitrary code execution
2018-03-01 00:00:00
[ASA-201803-2] mkinitcpio-busybox: arbitrary code execution
2018-03-01 00:00:00
mageia
mageia
Updated openntpd/busybox packages fix security vulnerability
2016-08-09 11:58:37
ibm
ibm
Security Bulletin: A vulnerability in busybox affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2016-2147)
2019-01-31 02:25:02
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private
2018-07-20 18:56:04
suse
suse
Security update for busybox (important)
2022-05-18 00:00:00
vmware
vmware
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)
2019-09-16 00:00:00
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)
2019-09-16 00:00:00
zdt
zdt
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability
2021-08-19 00:00:00
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability
2022-06-21 00:00:00
ics
ics
Red Lion N-Tron 702-W, 702M12-W
2020-08-27 12:00:00
Advantech Spectre RT Industrial Routers
2021-02-23 12:00:00

8.5 High

AI Score

Confidence

Low

0.088 Low

EPSS

Percentile

94.6%

JSON
Related for REDHAT_UNPATCHED-BUSYBOX-RHEL5.NASL
gentoo3nessus17osv7packetstorm8ubuntu1openvas8cloudfoundry1debian2prion6nvd6cvelist6veracode5alpinelinux6cve6redhatcve4ubuntucve6debiancve6archlinux2mageia1ibm2suse1vmware2zdt2ics2