14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices


Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that can be exploited to cause a denial-of-service (DoS) condition and, in select cases, even result in information leaks and remote code execution.

The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16 to 1.33.1, DevOps company JFrog and industrial cybersecurity company Claroty said in a joint report.

Dubbed “the Swiss Army Knife of Embedded Linux,” BusyBox is a widely used software suite combining a variety of common Unix utilities or applets (e.g., cp, ls, grep) into a single executable file that can run on Linux systems such as programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs).

A quick list of the flaws and the applets they impact is below:

  • man – CVE-2021-42373
  • lzma/unlzma – CVE-2021-42374
  • ash – CVE-2021-42375
  • hush – CVE-2021-42376, CVE-2021-42377
  • awk – CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

Triggered by supplying untrusted data via the command line to the vulnerable applets, successful exploitation of the flaws could result in denial-of-service, inadvertent disclosure of sensitive information, and potentially code execution. The weaknesses have since been addressed in BusyBox version 1.34.0, which was released on August 19, following responsible disclosure.

“These new vulnerabilities that we have disclosed only manifest in particular situations, but could be terribly problematic when exploitable,” said Shachar Menashe, senior director of security research at JFrog. “The proliferation of BusyBox makes this a problem that needs to be addressed by security teams. As such, we encourage companies to upgrade their BusyBox version, or ensure they are not using any of the affected applets.”

Source: https://thehackernews.com/2021/11/14-new-security-flaws-found-in-busybox.html

