CVE-2017-16544

Опубликовано: 20 нояб. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Ссылки

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Jun/18
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Sep/7
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Aug/20
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Mar/15
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Sep/6
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Aug/21
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jan/39
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/36
Exploit
Mailing List
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2019-0013.html
Third Party Advisory
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/14
Exploit
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/7
Exploit
Mailing List
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
Third Party Advisory
US Government Resource
https://usn.ubuntu.com/3935-1/
Third Party Advisory
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*

Версия до 1.27.2 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201811401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201903001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201905001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.0:600-201909001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:redlion:n-tron_702-w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:n-tron_702-w:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:redlion:n-tron_702m12-w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:n-tron_702m12-w:-:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 80%

0.01476

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2017-16544

CVSS3: 8.8

ubuntu

почти 8 лет назад

CVE-2017-16544

CVSS3: 4.8

redhat

почти 8 лет назад

CVE-2017-16544

CVSS3: 8.8

debian

почти 8 лет назад

In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...

GHSA-234c-568r-p7m4

CVSS3: 8.8

github

больше 3 лет назад

BDU:2021-03363

CVSS3: 8.8

fstec

около 8 лет назад

Уязвимость функции add_match компонента libbb/lineedit.c набора UNIX-утилит командной строки BusyBox, связанная с недостатком механизма управления генерацией кода, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 80%

0.01476

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94