CVE-2017-16544

 

Published at: - 20-11-2017 04:29

Last modified: - 20-06-2022 09:15

Total changes: - 13

Description

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
• https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
• [debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update-Mailing List, Third Party Advisory
• USN-3935-1-Third Party Advisory
• 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series-Exploit, Mailing List, Third Party Advisory
• 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series-Exploit, Mailing List, Third Party Advisory
• 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X-Exploit, Mailing List, Third Party Advisory
• 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X-Exploit, Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
• http://www.vmware.com/security/advisories/VMSA-2019-0013.html
• http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
• 20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client-Exploit, Mailing List, Third Party Advisory
• 20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S-Exploit, Mailing List, Third Party Advisory
• https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
• 20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W-Exploit, Mailing List, Third Party Advisory
• 20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series-Exploit, Mailing List, Third Party Advisory
• [debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update-Mailing List, Third Party Advisory
• 20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series-Exploit, Mailing List, Third Party Advisory
• 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series-
• http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

 

Keywords

NVD

 

CVE-2017-16544

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures