Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
d04293581994ba012e305b667f533a43f91c013c6da677eff4fa9c29ace725ff
Gentoo Linux Security Advisory 201503-13 - Multiple vulnerabilities have been found in BusyBox, allowing context-dependent attackers to load arbitrary kernel modules, execute arbitrary files, or cause a Denial of Service condition. Versions earlier than 1.23.1 are affected.
d53909ca9603f24a82643ad31fa0ef347f8a0d12dbb4dca631b68ebd5d7a6bff
Mandriva Linux Security Advisory 2015-031 - The modprobe command in BusyBox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules to be loaded even when some kernel subsystems try to prevent this.
7ffcb0404049f1aab91ea9e1205ee647979c657bccac06a41d752983b70e64a3