The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0810 advisory.

    BusyBox provides a single binary that includes versions of a large number     of system commands, including a shell. This can be very useful for     recovering from certain types of system failures, particularly those     involving broken shared libraries.

    A buffer underflow flaw was found in the way the uncompress utility of     BusyBox expanded certain archive files compressed using Lempel-Ziv     compression. If a user were tricked into expanding a specially-crafted     archive file with uncompress, it could cause BusyBox to crash or,     potentially, execute arbitrary code with the privileges of the user     running BusyBox. (CVE-2006-1168)

    The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain     options provided in DHCP server replies, such as the client hostname. A     malicious DHCP server could send such an option with a specially-crafted     value to a DHCP client. If this option's value was saved on the client     system, and then later insecurely evaluated by a process that assumes the     option is trusted, it could lead to arbitrary code execution with the     privileges of that process. Note: udhcpc is not used on Red Hat Enterprise     Linux by default, and no DHCP client script is provided with the busybox     packages. (CVE-2011-2716)

    This update also fixes the following bugs:

    * Prior to this update, the findfs command did not recognize Btrfs     partitions. As a consequence, an error message could occur when dumping a     core file. This update adds support for recognizing such partitions so     the problem no longer occurs. (BZ#751927)

    * If the grep command was used with the -F and -i options at the     same time, the -i option was ignored. As a consequence, the grep -iF     command incorrectly performed a case-sensitive search instead of an     insensitive search. A patch has been applied to ensure that the combination     of the -F and -i options works as expected. (BZ#752134)

    * Prior to this update, the msh shell did not support the set -o pipefail     command. This update adds support for this command. (BZ#782018)

    * Previously, the msh shell could terminate unexpectedly with a     segmentation fault when attempting to execute an empty command as a result     of variable substitution (for example msh -c '$nonexistent_variable').
    With this update, msh has been modified to correctly interpret such     commands and no longer crashes in this scenario. (BZ#809092)

    * Previously, the msh shell incorrectly executed empty loops. As a     consequence, msh never exited such a loop even if the loop condition was     false, which could cause scripts using the loop to become unresponsive.
    With this update, msh has been modified to execute and exit empty loops     correctly, so that hangs no longer occur. (BZ#752132)

    All users of busybox are advised to upgrade to these updated packages,     which contain backported patches to fix these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0308 advisory.

    BusyBox provides a single binary that includes versions of a large number     of system commands, including a shell. This can be very useful for     recovering from certain types of system failures, particularly those     involving broken shared libraries.

    A buffer underflow flaw was found in the way the uncompress utility of     BusyBox expanded certain archive files compressed using Lempel-Ziv     compression. If a user were tricked into expanding a specially-crafted     archive file with uncompress, it could cause BusyBox to crash or,     potentially, execute arbitrary code with the privileges of the user running     BusyBox. (CVE-2006-1168)

    The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain     options provided in DHCP server replies, such as the client hostname. A     malicious DHCP server could send such an option with a specially-crafted     value to a DHCP client. If this option's value was saved on the client     system, and then later insecurely evaluated by a process that assumes the     option is trusted, it could lead to arbitrary code execution with the     privileges of that process. Note: udhcpc is not used on Red Hat Enterprise     Linux by default, and no DHCP client script is provided with the busybox     packages. (CVE-2011-2716)

    This update also fixes the following bugs:

    * Prior to this update, the cp command wrongly returned the exit code 0 to     indicate success if a device ran out of space while attempting to copy     files of more than 4 gigabytes. This update modifies BusyBox, so that in     such situations, the exit code 1 is returned. Now, the cp command shows     correctly whether a process failed. (BZ#689659)

    * Prior to this update, the findfs command failed to check all existing     block devices on a system with thousands of block device nodes in /dev/.
    This update modifies BusyBox so that findfs checks all block devices even     in this case. (BZ#756723)

    All users of busybox are advised to upgrade to these updated packages,     which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.
A malicious DHCP server could send such an option with a specially crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-2716)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0308 advisory.

    [1:1.2.0-13]
    - Resolves: #768083 'busybox various flaws' including:
      'buffer underflow in decompression'       'udhcpc insufficient checking of DHCP options'

    [1:1.2.0-12]
    - Resolves: #756723       'Kdump fails after findfs subcommand of busybox fails'

    [1:1.2.0-11]
    - Resolves: #689659       ''busybox cp' does not return a correct exit code when 'No space left on device''

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

From Red Hat Security Advisory 2012:0810 :

Updated busybox packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.
A malicious DHCP server could send such an option with a specially crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)

This update also fixes the following bugs :

* Prior to this update, the 'findfs' command did not recognize Btrfs partitions. As a consequence, an error message could occur when dumping a core file. This update adds support for recognizing such partitions so the problem no longer occurs. (BZ#751927)

* If the 'grep' command was used with the '-F' and '-i' options at the same time, the '-i' option was ignored. As a consequence, the 'grep
-iF' command incorrectly performed a case-sensitive search instead of an insensitive search. A patch has been applied to ensure that the combination of the '-F' and '-i' options works as expected.
(BZ#752134)

* Prior to this update, the msh shell did not support the 'set -o pipefail' command. This update adds support for this command.
(BZ#782018)

* Previously, the msh shell could terminate unexpectedly with a segmentation fault when attempting to execute an empty command as a result of variable substitution (for example msh -c '$nonexistent_variable'). With this update, msh has been modified to correctly interpret such commands and no longer crashes in this scenario. (BZ#809092)

* Previously, the msh shell incorrectly executed empty loops. As a consequence, msh never exited such a loop even if the loop condition was false, which could cause scripts using the loop to become unresponsive. With this update, msh has been modified to execute and exit empty loops correctly, so that hangs no longer occur. (BZ#752132)

All users of busybox are advised to upgrade to these updated packages, which contain backported patches to fix these issues.

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.
A malicious DHCP server could send such an option with a specially crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Scientific Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)

This update also fixes the following bugs :

  - Prior to this update, the cp command wrongly returned     the exit code 0 to indicate success if a device ran out     of space while attempting to copy files of more than 4     gigabytes. This update modifies BusyBox, so that in such     situations, the exit code 1 is returned. Now, the cp     command shows correctly whether a process failed.

  - Prior to this update, the findfs command failed to check     all existing block devices on a system with thousands of     block device nodes in '/dev/'. This update modifies     BusyBox so that findfs checks all block devices even in     this case.

All users of busybox are advised to upgrade to these updated packages, which correct these issues.

Multiple vulnerabilities was found and corrected in busybox :

The decompress function in ncompress allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow (CVE-2006-1168).

A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted (CVE-2011-2716).

Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory.

The updated packages have been patched to correct these issues.

Update :

The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

Updated busybox packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.
A malicious DHCP server could send such an option with a specially crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)

This update also fixes the following bugs :

* Prior to this update, the 'findfs' command did not recognize Btrfs partitions. As a consequence, an error message could occur when dumping a core file. This update adds support for recognizing such partitions so the problem no longer occurs. (BZ#751927)

* If the 'grep' command was used with the '-F' and '-i' options at the same time, the '-i' option was ignored. As a consequence, the 'grep
-iF' command incorrectly performed a case-sensitive search instead of an insensitive search. A patch has been applied to ensure that the combination of the '-F' and '-i' options works as expected.
(BZ#752134)

* Prior to this update, the msh shell did not support the 'set -o pipefail' command. This update adds support for this command.
(BZ#782018)

* Previously, the msh shell could terminate unexpectedly with a segmentation fault when attempting to execute an empty command as a result of variable substitution (for example msh -c '$nonexistent_variable'). With this update, msh has been modified to correctly interpret such commands and no longer crashes in this scenario. (BZ#809092)

* Previously, the msh shell incorrectly executed empty loops. As a consequence, msh never exited such a loop even if the loop condition was false, which could cause scripts using the loop to become unresponsive. With this update, msh has been modified to execute and exit empty loops correctly, so that hangs no longer occur. (BZ#752132)

All users of busybox are advised to upgrade to these updated packages, which contain backported patches to fix these issues.

BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.
A malicious DHCP server could send such an option with a specially crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Scientific Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)

This update also fixes the following bugs :

  - Prior to this update, the 'findfs' command did not     recognize Btrfs partitions. As a consequence, an error     message could occur when dumping a core file. This     update adds support for recognizing such partitions so     the problem no longer occurs.

  - If the 'grep' command was used with the '-F' and '-i'     options at the same time, the '-i' option was ignored.
    As a consequence, the 'grep -iF' command incorrectly     performed a case-sensitive search instead of an     insensitive search. A patch has been applied to ensure     that the combination of the '-F' and '-i' options works     as expected.

  - Prior to this update, the msh shell did not support the     'set -o pipefail' command. This update adds support for     this command.

  - Previously, the msh shell could terminate unexpectedly     with a segmentation fault when attempting to execute an     empty command as a result of variable substitution (for     example msh -c '$nonexistent_variable'). With this     update, msh has been modified to correctly interpret     such commands and no longer crashes in this scenario.

  - Previously, the msh shell incorrectly executed empty     loops. As a consequence, msh never exited such a loop     even if the loop condition was false, which could cause     scripts using the loop to become unresponsive. With this     update, msh has been modified to execute and exit empty     loops correctly, so that hangs no longer occur.

All users of busybox are advised to upgrade to these updated packages, which contain backported patches to fix these issues.

The remote host is affected by the vulnerability described in GLSA-201312-02 (BusyBox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in BusyBox. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could send a specially crafted DHCP request to       possibly execute arbitrary code or cause Denial of Service.
  Workaround :

    There is no known workaround at this time.

An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207)

A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :

CVE-2006-1168 and CVE-2011-2716 (busybox issues)

CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)

CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)

CVE-2011-1526 (krb5 issue)

CVE-2011-4347 (kvm issue)

CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)

CVE-2011-1749 (nfs-utils issue)

CVE-2011-4108 (openssl issue)

CVE-2011-0010 (sudo issue)

CVE-2011-1675 and CVE-2011-1677 (util-linux issues)

CVE-2010-0424 (vixie-cron issue)

This updated rhev-hypervisor5 package fixes various bugs.
Documentation of these changes will be available shortly in the Technical Notes document :

https://docs.redhat.com/docs/en-US/ Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes / index.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.

ID	Name	Product	Family	Published	Updated	Severity
59586	RHEL 6 : busybox (RHSA-2012:0810)	Nessus	Red Hat Local Security Checks	6/20/2012	11/4/2024	critical
58062	RHEL 5 : busybox (RHSA-2012:0308)	Nessus	Red Hat Local Security Checks	2/21/2012	11/4/2024	critical
69593	Amazon Linux AMI : busybox (ALAS-2012-103)	Nessus	Amazon Linux Local Security Checks	9/4/2013	4/18/2018	high
68479	Oracle Linux 5 : busybox (ELSA-2012-0308)	Nessus	Oracle Linux Local Security Checks	7/12/2013	10/22/2024	critical
68550	Oracle Linux 6 : busybox (ELSA-2012-0810)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	high
61257	Scientific Linux Security Update : busybox on SL5.x i386/x86_64 (20120221)	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	high
61978	Mandriva Linux Security Advisory : busybox (MDVSA-2012:129-1)	Nessus	Mandriva Local Security Checks	9/6/2012	1/6/2021	high
59921	CentOS 6 : busybox (CESA-2012:0810)	Nessus	CentOS Local Security Checks	7/11/2012	1/4/2021	high
61337	Scientific Linux Security Update : busybox on SL6.x i386/x86_64 (20120620)	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	high
71168	GLSA-201312-02 : BusyBox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	12/3/2013	1/6/2021	high
79283	RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)	Nessus	Red Hat Local Security Checks	11/17/2014	1/14/2021	high

Detections

Analytics

Plugins Search

critical

critical

high

critical

high

high

high

high

high

high

high