Summary: | <sys-apps/busybox-1.28.0: tar directory traversal | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | embedded |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.busybox.net/8411 | ||
See Also: | https://bugs.busybox.net/show_bug.cgi?id=8411 | ||
Whiteboard: | A4 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 638258 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-10-22 07:52:39 UTC
From $URL: Thanks for detailing this bug. I can now confirm that this has been exploited "in the wild" to root / jailbreak DJI Mavic, Spark, Inspire2, and Phantom 4 drone series. Exploit here for posterity https://github.com/MAVProxyUser/P0VsRedHerring/blob/master/RedHerring.rb#L24 Thanks for pushing to get this patched. It has festered for a while. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7271c533c68a35f72cdb907d3e2743275505c5c6 commit 7271c533c68a35f72cdb907d3e2743275505c5c6 Author: Mike Frysinger <vapier@gentoo.org> AuthorDate: 2018-01-24 04:11:19 +0000 Commit: Mike Frysinger <vapier@gentoo.org> CommitDate: 2018-01-24 04:14:46 +0000 sys-apps/busybox: version bump to 1.28.0 #563756 #635392 #638258 Bug: https://bugs.gentoo.org/563756 Bug: https://bugs.gentoo.org/635392 Bug: https://bugs.gentoo.org/638258 sys-apps/busybox/Manifest | 1 + sys-apps/busybox/busybox-1.28.0.ebuild | 310 +++++++++++++++++++++++++++++++++ 2 files changed, 311 insertions(+)} This issue was resolved and addressed in GLSA 201803-12 at https://security.gentoo.org/glsa/201803-12 by GLSA coordinator Aaron Bauman (b-man). |