CVE-2016-2148

Related Files

Ubuntu Security Notice USN-3935-1

Posted Apr 3, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, kernel, local

systems | linux, ubuntu

advisories | CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517, CVE-2018-20679

MD5 | 537cbc38c3f21a909d462cda7acf5390

Download | Favorite | Comments (0)

Gentoo Linux Security Advisory 201612-04

Posted Dec 5, 2016

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-4 - Multiple vulnerabilities have been found in BusyBox, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.24.2 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2016-2147, CVE-2016-2148

MD5 | 48635d37d09f16afc937b5f584ef1ab1

Download | Favorite | Comments (0)