CVE-2017-15873

Related Files

Ubuntu Security Notice USN-3935-1

Posted Apr 3, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, kernel, local

systems | linux, ubuntu

advisories | CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517, CVE-2018-20679

SHA-256 | d04293581994ba012e305b667f533a43f91c013c6da677eff4fa9c29ace725ff

Download | Favorite | View

Gentoo Linux Security Advisory 201803-12

Posted Mar 26, 2018

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201803-12 - Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.28.0 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2017-15873, CVE-2017-15874, CVE-2017-16544

SHA-256 | 588359ff5f2c3bbf4fd2ef4dd07154b16880b4831f2d6100b5c05d71eee8101b

Download | Favorite | View