BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user running
BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option’s value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)
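
A defensive check for the udhcpc issue described above, as an added example that is not part of the advisory or of the BusyBox packages: a DHCP client script validates a name-type option value against hostname syntax before saving or using it. The function names and sample values are constructed for illustration, and the `$hostname` variable named in the comments is an assumption about how the client script receives the option.

```shell
#!/bin/sh
# Added example: validate a DHCP-supplied name before a client script
# stores or uses it. Nothing from the server is trusted until it passes.
LC_ALL=C; export LC_ALL   # make the [A-Za-z0-9] ranges byte-exact

# is_safe_label LABEL: succeed only for one DNS label, 1-63 characters
# of [A-Za-z0-9-], not starting or ending with a hyphen.
is_safe_label() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# is_safe_hostname NAME: succeed only if NAME is at most 253 characters
# and every dot-separated part is a safe label (no empty parts).
is_safe_hostname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in .*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -f
    set -- $name              # split on dots only, globbing disabled
    set +f; IFS=$old_ifs
    for label in "$@"; do
        is_safe_label "$label" || return 1
    done
}

# checked_name VALUE: print VALUE only when it is a valid hostname;
# otherwise print nothing and return 1, so callers never see raw input.
checked_name() {
    if is_safe_hostname "$1"; then
        printf '%s\n' "$1"
    else
        return 1
    fi
}

# Constructed sample values (a real script would pass "$hostname", assumed
# here to be the variable that carries the option): two well-formed names,
# then values with shell metacharacters, whitespace or malformed labels.
for sample in 'client7' 'ws-12.example.test' 'a;b' 'x$(y)' 'two words' '-lead' 'a..b'; do
    if checked_name "$sample" >/dev/null; then
        printf 'accept  %s\n' "$sample"
    else
        printf 'reject  %s\n' "$sample"
    fi
done
```

Validation at the point of receipt complements, but does not replace, quoting the value wherever a later process reads it back.
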
This update also fixes the following bugs:

Prior to this update, the cp command wrongly returned the exit code 0 to
indicate success if a device ran out of space while attempting to copy
files of more than 4 gigabytes. This update modifies BusyBox so that in
such situations, the exit code 1 is returned. The cp command now correctly
indicates whether the operation failed. (BZ#689659)

Prior to this update, the findfs command failed to check all existing
block devices on a system with thousands of block device nodes in “/dev/”.
This update modifies BusyBox so that findfs checks all block devices even
in this case. (BZ#756723)

All users of busybox are advised to upgrade to these updated packages,
which correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ppc | busybox | < 1.2.0-13.el5 | busybox-1.2.0-13.el5.ppc.rpm |
RedHat | 5 | s390x | busybox | < 1.2.0-13.el5 | busybox-1.2.0-13.el5.s390x.rpm |
RedHat | 5 | ppc | busybox-anaconda | < 1.2.0-13.el5 | busybox-anaconda-1.2.0-13.el5.ppc.rpm |
RedHat | 5 | i386 | busybox-anaconda | < 1.2.0-13.el5 | busybox-anaconda-1.2.0-13.el5.i386.rpm |
RedHat | 5 | ia64 | busybox | < 1.2.0-13.el5 | busybox-1.2.0-13.el5.ia64.rpm |
RedHat | 5 | src | busybox | < 1.2.0-13.el5 | busybox-1.2.0-13.el5.src.rpm |
RedHat | 5 | x86_64 | busybox-anaconda | < 1.2.0-13.el5 | busybox-anaconda-1.2.0-13.el5.x86_64.rpm |
RedHat | 5 | x86_64 | busybox | < 1.2.0-13.el5 | busybox-1.2.0-13.el5.x86_64.rpm |
RedHat | 5 | i386 | busybox | < 1.2.0-13.el5 | busybox-1.2.0-13.el5.i386.rpm |
RedHat | 5 | ia64 | busybox-anaconda | < 1.2.0-13.el5 | busybox-anaconda-1.2.0-13.el5.ia64.rpm |