Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2017-16544

Published: 20/11/2017 Updated: 28/10/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Busybox

Vulnerability Summary

In the add_match function in libbb/lineedit.c in BusyBox up to and including 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

busybox busybox

debian debian linux 8.0

debian debian linux 9.0

vmware esxi 6.0

vmware esxi 6.5

vmware esxi 6.7

redlion n-tron_702-w_firmware

redlion n-tron_702m12-w_firmware

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

Vendor Advisories

Ubuntu Security Notice: busybox vulnerabilities
Several security issues were fixed in BusyBox ...
Debian CVElist Bug Report Logs: CVE-2017-15874 / CVE-2017-15873
Debian Bug report logs - #879732 CVE-2017-15874 / CVE-2017-15873 Package: busybox; Maintainer for busybox is Debian Install System Team <debian-boot@listsdebianorg>; Source for busybox is src:busybox (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 25 Oct 2017 07:12:02 UTC Severity ...
Debian CVElist Bug Report Logs: busybox: CVE-2017-16544: lineedit: do not tab-complete any strings which have control characters
Debian Bug report logs - #882258 busybox: CVE-2017-16544: lineedit: do not tab-complete any strings which have control characters Package: src:busybox; Maintainer for src:busybox is Debian Install System Team <debian-boot@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 20 Nov 2017 1 ...
Red Hat: CVE-2017-16544
It was found that the tab auto-completion feature of BusyBox did not sanitize filenames, leading to execution of arbitrary escape sequences in the terminal emulator Exploitation of this flaw by an attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage ...
Arch Linux Issues:
In the add_match function in libbb/lineeditc in BusyBox through 1272, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal This could potentially result in code execution, arbitrary file writes, or other attacks ...

Exploits

Exploit DB: Phoenix Contact TC Router / TC Cloud Client Command Injection
Phoenix Contact TC Router and TC Cloud Client versions 2053 and below, 20317 and below, and 10317 and below suffer from authenticated command injection and various other vulnerabilities ...
Exploit DB: Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
Multiple Altus Sistemas de Automacao products such as the Nexto NX30xx Series, Nexto NX5xxx Series, Nexto Xpress XP3xx Series, and Hadron Xtorm HX3040 Series suffer from command injection, cross site request forgery, and hardcoded credential vulnerabilities ...
Exploit DB: ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV10001 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver ...
Exploit DB: Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
Red Lion N-Tron 702-W and 702M12-W versions 2026 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities ...
Exploit DB: Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection
Pepperl+Fuchs IO-Link Master Series with system version 136 and application version 1528 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities ...
Exploit DB: Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components ...
Exploit DB: WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...
Exploit DB: Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Mailing Lists

Full Disclosure: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series <!--X-Subject-Heade ...
Full Disclosure: SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series <!--X-Subject-Header-E ...
Full Disclosure: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X <!--X-Subject-Head ...
Full Disclosure: SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S <!--X-Subject-Header-End--> <!--X-H ...
Full Disclosure: SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series <!--X-Subject-Header-End- ...
Full Disclosure: SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router &amp; TC Cloud Client <!--X- ...

References

CWE-94https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8https://lists.debian.org/debian-lts-announce/2018/07/msg00037.htmlhttps://usn.ubuntu.com/3935-1/http://seclists.org/fulldisclosure/2019/Jun/18https://seclists.org/bugtraq/2019/Jun/14http://seclists.org/fulldisclosure/2019/Sep/7https://seclists.org/bugtraq/2019/Sep/7http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlhttp://www.vmware.com/security/advisories/VMSA-2019-0013.htmlhttp://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.htmlhttp://seclists.org/fulldisclosure/2020/Mar/15http://seclists.org/fulldisclosure/2020/Aug/20https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01http://seclists.org/fulldisclosure/2020/Sep/6http://seclists.org/fulldisclosure/2021/Jan/39https://lists.debian.org/debian-lts-announce/2021/02/msg00020.htmlhttp://seclists.org/fulldisclosure/2021/Aug/21http://seclists.org/fulldisclosure/2022/Jun/36http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.htmlhttps://usn.ubuntu.com/3935-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook