Lucene search

K

Veracode Vulnerability DatabaseVERACODE:10798

HistoryJan 15, 2019 - 8:52 a.m.

Remote Code Execution (RCE)

2019-01-1508:52:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

busybox is vulnerable to remote code execution (RCE) attacks. The vulnerability exists in the decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

CPENameOperatorVersion
busyboxeq1.15.1__11.el6
busyboxeq1.2.0__10.el5
busyboxeq1.15.1__10.el6
busyboxeq1.2.0__4.el5
busyboxeq1.2.0__9.el5
busyboxeq1.2.0__7.el5
ncompresseq4.2.4__41.rhel4
ncompress:sideq4.2.4.6-4
ncompress:bustereq4.2.4.5-3
ncompress:bullseyeeq4.2.4.6-4

Rows per page:

1-10 of 111

References

bugs.gentoo.org/show_bug.cgi?id=141728

downloads.avaya.com/css/P8/documents/100158840

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

rhn.redhat.com/errata/RHSA-2012-0810.html

secunia.com/advisories/21427

secunia.com/advisories/21434

secunia.com/advisories/21437

secunia.com/advisories/21467

secunia.com/advisories/21880

secunia.com/advisories/22036

secunia.com/advisories/22296

secunia.com/advisories/22377

security.gentoo.org/glsa/glsa-200610-03.xml

securitytracker.com/id?1016836

support.avaya.com/elmodocs2/security/ASA-2006-226.htm

www.debian.org/security/2006/dsa-1149

www.mandriva.com/security/advisories?name=MDKSA-2006:140

www.mandriva.com/security/advisories?name=MDVSA-2012:129

www.novell.com/linux/security/advisories/2006_20_sr.html

www.redhat.com/support/errata/RHSA-2006-0663.html

www.securityfocus.com/bid/19455

www.vupen.com/english/advisories/2006/3234

access.redhat.com/security/updates/classification/#low

bugzilla.redhat.com/show_bug.cgi?id=728536

bugzilla.redhat.com/show_bug.cgi?id=752134

bugzilla.redhat.com/show_bug.cgi?id=809092

exchange.xforce.ibmcloud.com/vulnerabilities/28315

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9373

rhn.redhat.com/errata/RHSA-2012-0810.html

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for VERACODE:10798

nessus23 oraclelinux3 openvas31 debian1 debiancve3 prion3 ubuntucve3 centos3 redhat4 cve3 gentoo2 securityvulns1 veracode1 amazon1