CVE-2018-20679
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.
Se ha descubierto un problema en versiones anteriores a la 1.30.0 de BusyBox. Una lectura fuera de límites en los componentes udhcp (consumidos por el servidor, cliente y relays DHCP) permite que un atacante remoto filtre información sensible de la pila mediante el envío de un mensaje DHCP manipulado. Esto está relacionado con la verificación en udhcp_get_option() en networking/udhcp/common.c de que las opciones 4-byte tienen, efectivamente, 4 bytes.
Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-09 CVE Reserved
- 2019-01-09 CVE Published
- 2019-09-04 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2019/Sep/7 | Mailing List |
|
| https://busybox.net/news.html | Release Notes | |
| https://seclists.org/bugtraq/2019/Sep/7 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/154361 | 2019-09-04 | |
| https://bugs.busybox.net/show_bug.cgi?id=11506 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c | 2019-09-04 |
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/3935-1 | 2019-09-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Busybox Search vendor "Busybox" | Busybox Search vendor "Busybox" for product "Busybox" | < 1.30.0 Search vendor "Busybox" for product "Busybox" and version " < 1.30.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||