CVE-2018-20679 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2018-20679
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. Se ha descubierto un problema en versiones anteriores a la 1.30.0 de BusyBox. Una lectura fuera de límites en los componentes udhcp (consumidos por el servidor, cliente y relays DHCP) permite que un atacante remoto filtre información sensible de la pila mediante el envío de un mensaje DHCP manipulado. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Sep/7 https://bugs.busybox.net/show_bug.cgi?id=11506 https://busybox.net/news.html https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c https://seclists.org/bugtraq/2019/Sep/7 https://usn.ubuntu.com/3935-1 • CWE-125: Out-of-bounds Read •
CVE-2015-9261 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2015-9261
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. huft_build en archival/libarchive/decompress_gunzip.c en BusyBox en versiones anteriores a la 1.27.2 utiliza incorrectamente un puntero, provocando segfaults y un cierre inesperado de la aplicación durante una operación unzip en un archivo ZIP especialmente manipulado. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2022/Jun/36 • CWE-476: NULL Pointer Dereference •
CVE-2018-1000517
https://notcve.org/view.php?id=CVE-2018-1000517
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. BusyBox wget, de BusyBox project , en versiones anteriores al commit con ID 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e, contiene una vulnerabilidad de desbordamiento de búfer en Busybox wget que puede resultar en un desbordamiento de búfer basado en memoria dinámica (heap). Este ataque parece ser explotable mediante conectividad de red. • https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html https://usn.ubuntu.com/3935-1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-1000500
https://notcve.org/view.php?id=CVE-2018-1000500
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". Busybox contiene una vulnerabilidad de falta de validación de certificados SSL en el applet "busybox wget" que puede resultar en la ejecución de código arbitrario. El ataque parece ser explotable mediante la descarga de cualquier archivo por HTTPS mediante "busybox wget https://compromised-domain.com/important-file". • http://lists.busybox.net/pipermail/busybox/2018-May/086462.html https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91 https://usn.ubuntu.com/4531-1 • CWE-295: Improper Certificate Validation •
CVE-2017-16544 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2017-16544
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. En la función add_match en libbb/lineedit.c en BusyBox hasta la versión 1.27.2, la característica de autocompletar pestañas del shell, empleada para obtener una lista de nombres de archivo en un directorio, no inmuniza los nombres de archivo. Esto conduce a la ejecución de cualquier secuencia de escape en el terminal. Esto podría resultar en la ejecución de código, escrituras arbitrarias de archivos u otros ataques. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2020/Mar/15 http://seclists.org/fulldisclosure • CWE-94: Improper Control of Generation of Code ('Code Injection') •