CVE-2017-16544 Information

Description

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2 the tab autocomplete feature of the shell used to get a list of filenames in a directory does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution arbitrary file writes or other attacks.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2020/Mar/15 http://seclists.org/fulldisclosure/2020/Sep/6 http://www.vmware.com/security/advisories/VMSA-2019-0013.html https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html https://seclists.org/bugtraq/2019/Jun/14 https://seclists.org/bugtraq/2019/Sep/7 https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01 https://usn.ubuntu.com/3935-1/ https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8