A path traversal vulnerability was found in the BusyBox implementation
of tar. tar will extract a symlink that points outside of the
current working directory and then follow that symlink when
extracting other files. This allows for a directory traversal
attack when extracting untrusted tarballs.
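A pre-extraction check for the pattern described above, as an added example (not BusyBox code and not part of the original advisory): it flags a symlink whose target leaves the extraction directory and any later member written through that symlink. The archive contents and the function names audit_tar, escapes and build_sample_archive are constructed for illustration; chained symlinks and hard links are not covered.

```python
import io
import posixpath
import tarfile

def escapes(path):
    """True if a normalized path is absolute or climbs above the extraction root."""
    return path.startswith("/") or path == ".." or path.startswith("../")

def audit_tar(data):
    """Return findings for members that would land outside the extraction directory."""
    findings, bad_links = [], set()  # bad_links: symlinks whose target leaves the tree
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if escapes(name):
                findings.append(f"{m.name}: member path leaves the extraction directory")
                continue
            # A parent component that is an escaping symlink redirects the write.
            parts = name.split("/")
            for i in range(1, len(parts)):
                parent = "/".join(parts[:i])
                if parent in bad_links:
                    findings.append(f"{m.name}: written through symlink {parent}")
                    break
            if m.issym():
                # Resolve the target relative to the directory holding the link.
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(name), m.linkname))
                if escapes(target):
                    bad_links.add(name)
                    findings.append(f"{m.name}: symlink target {m.linkname} is outside the tree")
    return findings

def build_sample_archive(with_link=True):
    """Constructed in-memory sample: optional escaping symlink plus two regular files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        if with_link:
            link = tarfile.TarInfo("uploads")
            link.type = tarfile.SYMTYPE
            link.linkname = "../../outside"
            tar.addfile(link)
        for path in ("uploads/file.txt", "docs/readme.txt"):
            info = tarfile.TarInfo(path)
            info.size = 4
            tar.addfile(info, io.BytesIO(b"data"))
    return buf.getvalue()

if __name__ == "__main__":
    print("\n".join(audit_tar(build_sample_archive())))
```

Run the check before handing an untrusted tarball to the extractor and refuse the archive if the list is non-empty.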
CVE-2013-1813
When a device node or symlink in /dev should be created inside a
2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate
directories are created with incorrect permissions.
CVE-2014-4607
An integer overflow may occur when processing any variant of a
"literal run" in the lzo1x_decompress_safe function. Each of these
three locations is subject to an integer overflow when processing
zero bytes. This exposes the code that copies literals to memory
corruption.
CVE-2014-9645
The add_probe function in modutils/modprobe.c in BusyBox allows
local users to bypass intended restrictions on loading kernel