Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-16544  

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Source
Severity High

Remote No

Type Arbitrary code execution

Description 

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

AVG-514 mkinitcpio-busybox 1.27.2-1 1.28.1-1 High Fixed FS#56391

AVG-512 busybox 1.27.2-1 1.28.1-1 High Fixed FS#56391

01 Mar 2018 ASA-201803-2 AVG-514 mkinitcpio-busybox High arbitrary code execution

01 Mar 2018 ASA-201803-1 AVG-512 busybox High arbitrary code execution 

https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started