Vulnerability 13/2018
Published
The BusyBox project has fixed a vulnerability in BusyBox wget that may allow an attacker to execute arbitrary commands on the target system.
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It is generally used in embedded operating systems with limited resources.
Vulnerability coordination:
The vulnerability was found by Antti Levomäki, Christian Jalio, and Joonas Pihlaja from Forcepoint. NCSC-FI would like to thank Forcepoint and the BusyBox project for participating in the coordination.
Target
- Embedded systems
- Servers and server applications
Attack vector
- Remote
Impact
- Denial-of-service attack
- Execution of arbitrary commands
Remediation
- Software update patch
Subject of vulnerability
- BusyBox versions prior to 1.29.0
What is it about?
- Update BusyBox to the latest version.
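A check for the affected range above, as an added example that is not part of the original advisory or the BusyBox project's code: it parses the BusyBox banner, compares the version numerically against 1.29.0, and looks for the wget applet. The function names and result labels are assumptions made for this example, and a vendor build with a backported fix is still reported by its upstream version number.

```shell
#!/bin/sh
# Added example: flag BusyBox builds older than 1.29.0 that ship the wget applet.
FIXED_VERSION="1.29.0"   # from the advisory: versions prior to 1.29.0 are affected

# Pull "X.Y.Z" out of a banner such as "BusyBox v1.28.4 (...) multi-call binary."
busybox_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^BusyBox v\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is strictly lower than $2, comparing each field as a number
# (a plain string comparison would wrongly rank 1.9.x above 1.29.0).
version_lt() {
    a_rest=$1; b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a=${a_rest%%.*}; b=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest= ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest= ;; esac
        a=${a:-0}; b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 1
}

# assess_busybox BANNER APPLET_LIST (one applet per line, as printed by "busybox --list")
# Prints: affected | outdated-no-wget | not-affected | unknown
assess_busybox() {
    ver=$(busybox_version_from_banner "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo not-affected; return 0; fi
    # An empty applet list tells us nothing, so assume wget is compiled in.
    if [ -z "$2" ] || printf '%s\n' "$2" | grep -qx 'wget'; then echo affected; else echo outdated-no-wget; fi
}

# Live check on the local system (skipped when busybox is not installed).
if command -v busybox >/dev/null 2>&1; then
    assess_busybox "$(busybox 2>&1 | head -n 1)" "$(busybox --list 2>/dev/null)"
fi
```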