
CVE-2014-9645 – Ubuntu Security Notice USN-3935-1
https://notcve.org/view.php?id=CVE-2014-9645
09 Feb 2015 — The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. • http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b • CWE-20: Improper Input Validation

CVE-2013-1813 – busybox: insecure directory permissions in /dev
https://notcve.org/view.php?id=CVE-2013-1813
21 Nov 2013 — util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. BusyBox provides a single binary that includes versions of a large number of sys... • https://packetstorm.news/files/id/153278 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2011-2716 – busybox: udhcpc insufficient checking of DHCP options
https://notcve.org/view.php?id=CVE-2011-2716
03 Jul 2012 — The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. The industrial ma... • https://packetstorm.news/files/id/153278 • CWE-20: Improper Input Validation