Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0533)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0533

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0533)

Zusammenfassung: The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2021-0533 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2021-0533 advisory.

Vulnerability Insight:
A NULL pointer dereference in Busybox's hush applet leads to denial of
service when processing a crafted shell command, due to missing validation
after a \x03 delimiter character. This may be used for DoS under very rare
conditions of filtered command input. (CVE-2021-42376)

An attacker-controlled pointer free in Busybox's hush applet leads to
denial of service and possible code execution when processing a crafted
shell command, due to the shell mishandling the &&& string. This may be
used for remote code execution under rare conditions of filtered command
input. (CVE-2021-42377)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
getvar_i function. (CVE-2021-42378)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
next_input_file function. (CVE-2021-42379)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
clrvar function. (CVE-2021-42380)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
hash_init function. (CVE-2021-42381)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
getvar_s function. (CVE-2021-42382)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
evaluate function. (CVE-2021-42383)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
handle_special function. (CVE-2021-42384)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
evaluate function. (CVE-2021-42385)

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
nvalloc function. (CVE-2021-42386)

Affected Software/OS:
'busybox' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-42376
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
Common Vulnerability Exposure (CVE) ID: CVE-2021-42377
Common Vulnerability Exposure (CVE) ID: CVE-2021-42378
Common Vulnerability Exposure (CVE) ID: CVE-2021-42379
Common Vulnerability Exposure (CVE) ID: CVE-2021-42380
Common Vulnerability Exposure (CVE) ID: CVE-2021-42381
Common Vulnerability Exposure (CVE) ID: CVE-2021-42382
Common Vulnerability Exposure (CVE) ID: CVE-2021-42383
Common Vulnerability Exposure (CVE) ID: CVE-2021-42384
Common Vulnerability Exposure (CVE) ID: CVE-2021-42385
Common Vulnerability Exposure (CVE) ID: CVE-2021-42386

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0533
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0533)
Zusammenfassung:	The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2021-0533 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2021-0533 advisory. Vulnerability Insight: A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376) An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. (CVE-2021-42378) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. (CVE-2021-42379) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. (CVE-2021-42380) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. (CVE-2021-42381) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. (CVE-2021-42382) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42383) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. (CVE-2021-42384) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42385) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. (CVE-2021-42386) Affected Software/OS: 'busybox' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-42376 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ Common Vulnerability Exposure (CVE) ID: CVE-2021-42377 Common Vulnerability Exposure (CVE) ID: CVE-2021-42378 Common Vulnerability Exposure (CVE) ID: CVE-2021-42379 Common Vulnerability Exposure (CVE) ID: CVE-2021-42380 Common Vulnerability Exposure (CVE) ID: CVE-2021-42381 Common Vulnerability Exposure (CVE) ID: CVE-2021-42382 Common Vulnerability Exposure (CVE) ID: CVE-2021-42383 Common Vulnerability Exposure (CVE) ID: CVE-2021-42384 Common Vulnerability Exposure (CVE) ID: CVE-2021-42385 Common Vulnerability Exposure (CVE) ID: CVE-2021-42386
Copyright	Copyright (C) 2022 Greenbone AG