Showing 1 - 6 of 6

CVE-2017-16544

Status Candidate

Overview

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Related Files

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor: Posted Jun 20, 2022; Authored by T. Weber | Site sec-consult.com; Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.; tags | exploit; advisories | CVE-2015-0235, CVE-2015-7547, CVE-2015-9261, CVE-2017-16544, CVE-2022-32985; SHA-256 | 811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36; Download | Favorite | View

VMware Security Advisory 2019-0013: Posted Sep 20, 2019; Authored by VMware | Site vmware.com; VMware Security Advisory 2019-0013 - VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities.; tags | advisory, vulnerability, info disclosure; advisories | CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534; SHA-256 | 7ae81418b88c50964c3ec2eca5fb6e16aa19df476d8be7e332903866535a9182; Download | Favorite | View

Cisco Device Hardcoded Credentials / GNU glibc / BusyBox: Posted Sep 4, 2019; Authored by T. Weber | Site sec-consult.com; Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.; tags | exploit, vulnerability; systems | cisco; advisories | CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-7547, CVE-2015-8778, CVE-2015-8779, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2017-1000366, CVE-2017-16544, CVE-2018-20679, CVE-2019-5747; SHA-256 | 3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817; Download | Favorite | View

WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials: Posted Jun 13, 2019; Authored by T. Weber | Site sec-consult.com; The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.; tags | exploit, vulnerability; advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550; SHA-256 | 5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65; Download | Favorite | View

Ubuntu Security Notice USN-3935-1: Posted Apr 3, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3935-1 - Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Mathias Krause discovered that BusyBox incorrectly handled kernel module loading restrictions. A local attacker could possibly use this issue to bypass intended restrictions. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.; tags | advisory, remote, arbitrary, kernel, local; systems | linux, ubuntu; advisories | CVE-2011-5325, CVE-2014-9645, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2017-15873, CVE-2017-16544, CVE-2018-1000517, CVE-2018-20679; SHA-256 | d04293581994ba012e305b667f533a43f91c013c6da677eff4fa9c29ace725ff; Download | Favorite | View

Gentoo Linux Security Advisory 201803-12: Posted Mar 26, 2018; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201803-12 - Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.28.0 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2017-15873, CVE-2017-15874, CVE-2017-16544; SHA-256 | 588359ff5f2c3bbf4fd2ef4dd07154b16880b4831f2d6100b5c05d71eee8101b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Jay Turla 111 files
Ubuntu 63 files
Gentoo 33 files
Debian 27 files
sinn3r 23 files
h00die 23 files
Pedro Ribeiro 21 files
juan vazquez 18 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (377)
CentOS (58)
Cisco (1,944)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (386)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,966)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,788)
UNIX (9,443)
UnixWare (187)
Windows (6,732)
Other

CVE-2017-16544

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems