redhatcve | Redhat.com | RH:CVE-2023-39810
Aug 29, 2023 - 9:25 p.m.

CVE-2023-39810

2023-08-29 21:25:55
redhat.com
access.redhat.com
Tags: busybox, cpio command, directory traversal, unauthorized file overwriting, shell scripts, mitigation, gnu cpio, file name argument, archive files, trusted

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 22.9%

A flaw was found in the BusyBox tool. This issue occurs in the cpio command of BusyBox and may allow attackers to perform a directory traversal. If untrusted archives are extracted, files can be written outside of the destination directory, or existing files can be overwritten, including files that hold configuration in the form of shell scripts, such as ~/.bashrc, and files that enable remote login, such as ~/.ssh/authorized_keys.

Mitigation

Change the default behavior to ignore relative file names with a ../ pattern within the cpio archive. To process files with a directory traversal pattern, a command line flag could be introduced, as done in GNU cpio.

Users can specify on the BusyBox cpio command line which file name should be unpacked, which should be safe as long as no directory traversal is included in that file name argument.

Users may also consider using another cpio implementation, or may ensure that archive files are trusted.
