GLSA-201612-04 : BusyBox: Multiple vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201612-04
(BusyBox: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.

Impact :

A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.

Workaround :

There is no known workaround at this time. However, on Gentoo, the
remote code execution vulnerability can be avoided if you don’t use
BusyBox’s udhcpc or build the package without the “ipv6” USE flag
enabled.

See also :

https://security.gentoo.org/glsa/201612-04

Solution :

All BusyBox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/busybox-1.24.2'

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 95519 ()

Bugtraq ID:

CVE ID: CVE-2016-2147
CVE-2016-2148

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now