Front Page: NCSC-FI

Vulnerability 13/2018

The BusyBox project has fixed a vulnerability in BusyBox wget that may allow an attacker to execute arbitrary commands on the target system.

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It is generally used in embedded operating systems with limited resources.

Vulnerability coordination:

The vulnerability was found by Antti Levomäki, Christian Jalio, and Joonas Pihlaja from Forcepoint. NCSC-FI would like to thank Forcepoint and the BusyBox project for participating in the coordination.

Target

  • Embedded systems
  • Servers and server applications

Attack vector

  • Remote

Impact

  • Denial-of-service attack
  • Execution of arbitrary commands

Remediation

  • Software update patch

Subject of vulnerability

  • BusyBox versions prior to 1.29.0
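
The following script is an added example, not part of the NCSC-FI advisory or the BusyBox project: it triages a BusyBox build against the affected range above by parsing the version banner and comparing it numerically with 1.29.0. The function names and output labels are hypothetical, the sample banner is constructed, and treating a build without the wget applet as a separate case is an inference from the advisory naming BusyBox wget as the affected component.

```shell
#!/bin/sh
# Added example: triage a BusyBox build against the advisory's affected range
# (versions prior to 1.29.0, flaw in the wget applet).
FIXED_VERSION="1.29.0"

# Extract "X.Y.Z" from a banner such as
# "BusyBox v1.28.4 (2018-05-22 17:00:17 UTC) multi-call binary."
busybox_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^BusyBox v\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is strictly older than $2 (numeric compare).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# $1 = banner line, $2 = applet list (output of `busybox --list`, may be empty).
# Prints: unknown | fixed | affected | affected-version-no-wget
classify_busybox() {
    ver=$(busybox_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif ! version_lt "$ver" "$FIXED_VERSION"; then
        echo fixed
    elif [ -n "$2" ] && ! printf '%s\n' "$2" | grep -qx wget; then
        echo affected-version-no-wget   # old build, but wget applet not compiled in
    else
        echo affected
    fi
}

# Check the local binary if present; otherwise use a constructed sample banner.
if command -v busybox >/dev/null 2>&1; then
    banner=$(busybox 2>&1 | head -n 1)
    applets=$(busybox --list 2>/dev/null || true)
else
    banner="BusyBox v1.28.4 (2018-05-22 17:00:17 UTC) multi-call binary."
    applets=""
fi
echo "$(classify_busybox "$banner" "$applets"): $banner"
```

A version number is only an indicator: vendors may backport the fix into older builds, so confirm against the vendor's own firmware or package advisory.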

What is it about?

  • Update BusyBox to the latest version.

What can I do?