Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0533
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0533)
Summary:	The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2021-0533 advisory.
Description:	Summary: The remote host is missing an update for the 'busybox' package(s) announced via the MGASA-2021-0533 advisory. Vulnerability Insight: A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376) An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. (CVE-2021-42378) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. (CVE-2021-42379) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. (CVE-2021-42380) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. (CVE-2021-42381) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. (CVE-2021-42382) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42383) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. (CVE-2021-42384) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42385) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. (CVE-2021-42386) Affected Software/OS: 'busybox' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-42376 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ Common Vulnerability Exposure (CVE) ID: CVE-2021-42377 Common Vulnerability Exposure (CVE) ID: CVE-2021-42378 Common Vulnerability Exposure (CVE) ID: CVE-2021-42379 Common Vulnerability Exposure (CVE) ID: CVE-2021-42380 Common Vulnerability Exposure (CVE) ID: CVE-2021-42381 Common Vulnerability Exposure (CVE) ID: CVE-2021-42382 Common Vulnerability Exposure (CVE) ID: CVE-2021-42383 Common Vulnerability Exposure (CVE) ID: CVE-2021-42384 Common Vulnerability Exposure (CVE) ID: CVE-2021-42385 Common Vulnerability Exposure (CVE) ID: CVE-2021-42386
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.