GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Dec 03, 2013 5:26 am Post subject: [ GLSA 201312-02 ] BusyBox: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: BusyBox: Multiple vulnerabilities (GLSA 201312-02)
Severity: normal
Exploitable: remote
Date: December 03, 2013
Bug(s): #379857, #426504, #461372
ID: 201312-02
Synopsis
Multiple vulnerabilities have been found in BusyBox, allowing
remote attackers to execute arbitrary code or cause a Denial of Service
condition.
Background
BusyBox is set of tools for embedded systems and is a replacement for
GNU Coreutils.
Affected Packages
Package: sys-apps/busybox
Vulnerable: < 1.21.0
Unaffected: >= 1.21.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could send a specially crafted DHCP request to
possibly execute arbitrary code or cause Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All BusyBox users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.21.0"
|
References
CVE-2006-1168
CVE-2011-2716
CVE-2013-1813 |
|
News & Announcements
