14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices
Nov 10, 2021
Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution.

The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16 to 1.33.1, DevOps company JFrog and industrial cybersecurity company Claroty said in a joint report.

Dubbed "the Swiss Army Knife of Embedded Linux," BusyBox is a widely used software suite combining a variety of common Unix utilities or applets (e.g., cp, ls, grep) into a single executable file that can run on Linux systems such as programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs).

A quick list of the flaws and the applets they impact is below:

man - CVE-2021-42373
lzma/unlzma - CVE-2021...
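
A first-pass inventory check for the version range and applets named above, as an added example that is not from JFrog, Claroty or the BusyBox project. It parses a BusyBox banner line and a `busybox --list` style applet list (both constructed samples here); the function names are hypothetical, and only the applets visible in the list above are checked.

```shell
#!/bin/sh
# Added example: flag BusyBox builds inside the 1.16 to 1.33.1 range from the article.
# Function names are hypothetical; sample inputs below are constructed, not device output.
# A banner version is only a first-pass filter: vendors may backport fixes.

# "1.33.1" -> 1033001, so versions compare as integers (missing parts count as 0).
ver_key() (
    IFS=.
    set -- $1
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
)

# Extract "1.31.1" from a banner such as "BusyBox v1.31.1 (...) multi-call binary."
bb_version() {
    printf '%s\n' "$1" | sed -n 's/^BusyBox v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds when 1.16 <= version <= 1.33.1.
bb_in_affected_range() {
    key=$(ver_key "$1")
    [ "$key" -ge "$(ver_key 1.16)" ] && [ "$key" -le "$(ver_key 1.33.1)" ]
}

# stdin: applet names, one per line. Prints the ones the article's list names.
bb_flagged_applets() {
    grep -x -e man -e lzma -e unlzma | sort | paste -s -d ' ' -
}

# $1 = banner text, $2 = applet list text. Prints a one-line verdict.
bb_assess() {
    ver=$(bb_version "$1")
    if [ -z "$ver" ]; then echo "unknown: no BusyBox banner found"; return 0; fi
    if ! bb_in_affected_range "$ver"; then
        echo "ok: $ver is outside 1.16 to 1.33.1"; return 0
    fi
    hits=$(printf '%s\n' "$2" | bb_flagged_applets)
    echo "review: $ver in affected range; flagged applets: ${hits:-none}"
}

SAMPLE_BANNER='BusyBox v1.31.1 (2020-06-11 08:12:44 UTC) multi-call binary.'
SAMPLE_APPLETS='cp
grep
ls
man
unlzma'
bb_assess "$SAMPLE_BANNER" "$SAMPLE_APPLETS"
# On a device: bb_assess "$(busybox 2>&1 | head -n 1)" "$(busybox --list)"
```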