Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3935-1
HistoryApr 03, 2019 - 12:00 a.m.

BusyBox vulnerabilities

2019-04-0300:00:00
ubuntu.com
659

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.079 Low

EPSS

Percentile

94.2%

JSON

Releases

  • Ubuntu 18.10
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • busybox - Tiny utilities for small and embedded systems

Details

Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar
archives. If a user or automated system were tricked into processing a
specially crafted tar archive, a remote attacker could overwrite arbitrary
files outside of the current directory. This issue only affected Ubuntu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2011-5325)

Mathias Krause discovered that BusyBox incorrectly handled kernel module
loading restrictions. A local attacker could possibly use this issue to
bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-9645)

It was discovered that BusyBox incorrectly handled certain ZIP archives. If
a user or automated system were tricked into processing a specially crafted
ZIP archive, a remote attacker could cause BusyBox to crash, leading to a
denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2015-9261)

Nico Golde discovered that the BusyBox DHCP client incorrectly handled
certain malformed domain names. A remote attacker could possibly use this
issue to cause the DHCP client to crash, leading to a denial of service.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-2147)

Nico Golde discovered that the BusyBox DHCP client incorrectly handled
certain 6RD options. A remote attacker could use this issue to cause the
DHCP client to crash, leading to a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-2148)

It was discovered that BusyBox incorrectly handled certain bzip2 archives.
If a user or automated system were tricked into processing a specially
crafted bzip2 archive, a remote attacker could cause BusyBox to crash,
leading to a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15873)

It was discovered that BusyBox incorrectly handled tab completion. A local
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-16544)

It was discovered that the BusyBox wget utility incorrectly handled certain
responses. A remote attacker could use this issue to cause BusyBox to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2018-1000517)

It was discovered that the BusyBox DHCP utilities incorrectly handled
certain memory operations. A remote attacker could possibly use this issue
to access sensitive information. (CVE-2018-20679, CVE-2019-5747)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.10noarchbusybox< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchbusybox-dbgsym< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchbusybox-initramfs< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchbusybox-initramfs-dbgsym< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchbusybox-static< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchbusybox-static-dbgsym< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchbusybox-syslogd< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchbusybox-udeb< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchudhcpc< 1:1.27.2-2ubuntu4.1UNKNOWN
Ubuntu18.10noarchudhcpd< 1:1.27.2-2ubuntu4.1UNKNOWN
Rows per page:
1-10 of 411

Related

cloudfoundry 1
openvas 20
nessus 21
osv 9
debian 4
packetstorm 8
suse 3
redhatcve 5
cve 11
ubuntucve 10
prion 11
debiancve 10
alpinelinux 6
gentoo 3
veracode 9
securityvulns 2
ibm 6
mageia 2
checkpoint_advisories 1
zdt 2
archlinux 2
ics 2
vmware 2
cloudfoundry
cloudfoundry
USN-3935-1: BusyBox vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3935-1)
2019-04-04 00:00:00
Debian: Security Advisory (DLA-1445-1)
2018-07-26 00:00:00
Debian: Security Advisory (DLA-2559-1)
2021-02-16 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : BusyBox vulnerabilities (USN-3935-1)
2019-04-04 00:00:00
Debian DLA-2559-1 : busybox security update
2021-02-16 00:00:00
SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2022:4260-1)
2022-11-29 00:00:00
osv
osv
busybox - security update
2018-07-27 00:00:00
busybox - security update
2021-02-15 00:00:00
CVE-2019-5747
2019-01-09 16:29:00
debian
debian
[SECURITY] [DLA 1445-1] busybox security update
2018-07-27 04:39:37
[SECURITY] [DLA 2559-1] busybox security update
2021-02-15 11:56:52
[SECURITY] [DLA 1445-3] busybox regression update
2018-08-03 05:18:30
packetstorm
packetstorm
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
2020-08-27 00:00:00
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
2019-09-04 00:00:00
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
2022-06-20 00:00:00
suse
suse
Security update for busybox (important)
2021-10-27 00:00:00
Security update for busybox (important)
2021-10-31 00:00:00
Security update for busybox (important)
2022-05-18 00:00:00
redhatcve
redhatcve
CVE-2019-5747
2019-10-12 02:19:26
CVE-2017-15873
2017-11-20 12:50:18
CVE-2017-16544
2017-11-21 09:50:16
cve
cve
CVE-2019-5747
2019-01-09 16:29:00
CVE-2014-9645
2017-03-12 06:59:00
CVE-2017-15873
2017-10-24 20:29:00
ubuntucve
ubuntucve
CVE-2018-20679
2019-01-09 00:00:00
CVE-2019-5747
2019-01-09 00:00:00
CVE-2014-9645
2017-03-12 00:00:00
prion
prion
Out-of-bounds
2019-01-09 16:29:00
Command injection
2017-03-12 06:59:00
Design/Logic Flaw
2017-11-20 15:29:00
debiancve
debiancve
CVE-2019-5747
2019-01-09 16:29:00
CVE-2018-1000517
2018-06-26 16:29:00
CVE-2014-9645
2017-03-12 06:59:00
alpinelinux
alpinelinux
CVE-2019-5747
2019-01-09 16:29:00
CVE-2017-16544
2017-11-20 15:29:00
CVE-2017-15873
2017-10-24 20:29:00
gentoo
gentoo
BusyBox: Multiple vulnerabilities
2016-12-04 00:00:00
BusyBox: Multiple vulnerabilities
2018-03-26 00:00:00
BusyBox: Multiple vulnerabilities
2015-03-29 00:00:00
veracode
veracode
Authorization Bypass
2020-09-21 06:36:59
Arbitrary Code Execution
2020-05-10 23:24:36
Arbitrry Code Execution
2020-09-21 06:27:33
securityvulns
securityvulns
[ MDVSA-2015:031 ] busybox
2015-02-11 00:00:00
busybox restrictions bypass
2015-02-11 00:00:00
ibm
ibm
Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645)
2018-06-16 21:50:12
Security Bulletin: A vulnerability in busybox affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2016-2147)
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 )
2018-06-16 21:46:13
mageia
mageia
Updated busybox packages fix CVE-2014-9645
2015-01-28 00:08:29
Updated busybox packages fix security vulnerability
2018-10-26 21:47:14
checkpoint_advisories
checkpoint_advisories
BusyBox Project BusyBox udhcp Option Out of Bounds Read (CVE-2018-20679)
2019-02-24 00:00:00
zdt
zdt
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability
2022-06-21 00:00:00
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability
2021-08-19 00:00:00
archlinux
archlinux
[ASA-201803-2] mkinitcpio-busybox: arbitrary code execution
2018-03-01 00:00:00
[ASA-201803-1] busybox: arbitrary code execution
2018-03-01 00:00:00
ics
ics
Advantech Spectre RT Industrial Routers
2021-02-23 12:00:00
Red Lion N-Tron 702-W, 702M12-W
2020-08-27 12:00:00
vmware
vmware
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)
2019-09-16 00:00:00
VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. (CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534)
2019-09-16 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.079 Low

EPSS

Percentile

94.2%

JSON
Related for USN-3935-1
cloudfoundry1openvas20nessus21osv9debian4packetstorm8suse3redhatcve5cve11ubuntucve10prion11debiancve10alpinelinux6gentoo3veracode9securityvulns2ibm6mageia2checkpoint_advisories1zdt2archlinux2ics2vmware2