| Field | Value |
|---|---|
| Short Name | DHCP:EXPLOIT:CVE-2018-20679-OB |
| Severity | Minor |
| Recommended | Yes |
| Recommended Action | Drop |
| Category | DHCP |
| Keywords | BusyBox Project BusyBox udhcp Option CVE-2018-20679 Out of Bounds Read |
| Release Date | 2019/02/25 |
| Update Number | 3145 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

DHCP: BusyBox Project BusyBox udhcp Option CVE-2018-20679 Out of Bounds Read
This signature detects attempts to exploit a known vulnerability in the udhcp module of BusyBox. Successful exploitation of this vulnerability could result in disclosure of sensitive information.
Extended Description
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.
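The length verification mentioned above, sketched as a stand-alone validator that an inspection or triage tool could run over a DHCP options field. This is an added example, not BusyBox code and not this signature's logic; the function name `check_dhcp_options`, the chosen subset of RFC 2132 fixed 4-byte options, and the sample bytes are assumptions constructed for illustration, and option overload (option 52) is not followed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 2132 options whose value is always exactly 4 bytes (subset, assumed). */
static int is_fixed4(uint8_t code)
{
    switch (code) {
    case 1: case 2: case 28:    /* subnet mask, time offset, broadcast address */
    case 50: case 51: case 54:  /* requested IP, lease time, server identifier */
    case 58: case 59:           /* renewal (T1), rebinding (T2) time */
        return 1;
    default:
        return 0;
    }
}

/*
 * Walk the options field (the bytes after the DHCP magic cookie).
 * Returns 0 if no fixed 4-byte option has a wrong length, the option code
 * of the first one that does, or -1 if an option runs past the buffer.
 */
int check_dhcp_options(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opt[i];
        if (code == 0) { i++; continue; }    /* pad option: single byte */
        if (code == 255) return 0;           /* end option: stop walking */
        if (i + 1 >= len) return -1;         /* length byte is missing */
        uint8_t olen = opt[i + 1];
        if (olen > len - i - 2) return -1;   /* value overruns the buffer */
        if (is_fixed4(code) && olen != 4) return code;
        i += 2 + (size_t)olen;
    }
    return 0; /* data ended without an end option; not the condition checked here */
}

/* Constructed samples: message type (53), then a fixed 4-byte option. */
static const uint8_t sample_ok[]  = { 53, 1, 5, 51, 4, 0, 0, 0x0e, 0x10, 255 };
static const uint8_t sample_bad[] = { 53, 1, 5, 51, 1, 0x0e, 255 };  /* lease time, length 1 */
static const uint8_t sample_cut[] = { 53, 1, 5, 54, 4, 192, 0 };     /* value truncated */

int main(void)
{
    printf("%d %d %d\n", check_dhcp_options(sample_ok, sizeof sample_ok),
           check_dhcp_options(sample_bad, sizeof sample_bad),
           check_dhcp_options(sample_cut, sizeof sample_cut));
    return 0;
}
```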
Affected Products
- Busybox busybox -
- Busybox busybox 0.38
- Busybox busybox 0.39
- Busybox busybox 0.40
- Busybox busybox 0.41
- Busybox busybox 0.42
- Busybox busybox 0.43
- Busybox busybox 0.45
- Busybox busybox 0.46
- Busybox busybox 0.47
- Busybox busybox 0.48
- Busybox busybox 0.49
- Busybox busybox 0.50
- Busybox busybox 0.51
- Busybox busybox 0.52
- Busybox busybox 0.60.0
- Busybox busybox 0.60.1
- Busybox busybox 0.60.2
- Busybox busybox 0.60.3
- Busybox busybox 0.60.4
- Busybox busybox 0.60.5
- Busybox busybox 1.00
- Busybox busybox 1.0.0
- Busybox busybox 1.01
- Busybox busybox 1.1.0
- Busybox busybox 1.10.0
- Busybox busybox 1.10.1
- Busybox busybox 1.10.2
- Busybox busybox 1.10.3
- Busybox busybox 1.10.4
- Busybox busybox 1.1.1
- Busybox busybox 1.11.0
- Busybox busybox 1.11.1
- Busybox busybox 1.11.2
- Busybox busybox 1.11.3
- Busybox busybox 1.1.2
- Busybox busybox 1.12.0
- Busybox busybox 1.12.1
- Busybox busybox 1.12.2
- Busybox busybox 1.12.3
- Busybox busybox 1.12.4
- Busybox busybox 1.1.3
- Busybox busybox 1.13.0
- Busybox busybox 1.13.1
- Busybox busybox 1.13.2
- Busybox busybox 1.13.3
- Busybox busybox 1.13.4
- Busybox busybox 1.14.0
- Busybox busybox 1.14.1
- Busybox busybox 1.14.2
- Busybox busybox 1.14.3
- Busybox busybox 1.14.4
- Busybox busybox 1.15.0
- Busybox busybox 1.15.1
- Busybox busybox 1.15.2
- Busybox busybox 1.15.3
- Busybox busybox 1.16.0
- Busybox busybox 1.16.1
- Busybox busybox 1.16.2
- Busybox busybox 1.17.0
- Busybox busybox 1.17.1
- Busybox busybox 1.17.2
- Busybox busybox 1.17.3
- Busybox busybox 1.17.4
- Busybox busybox 1.18.0
- Busybox busybox 1.18.1
- Busybox busybox 1.18.2
- Busybox busybox 1.18.3
- Busybox busybox 1.18.4
- Busybox busybox 1.18.5
- Busybox busybox 1.19.0
- Busybox busybox 1.19.1
- Busybox busybox 1.19.2
- Busybox busybox 1.19.3
- Busybox busybox 1.19.4
- Busybox busybox 1.2.0
- Busybox busybox 1.20.0
- Busybox busybox 1.20.1
- Busybox busybox 1.20.2
- Busybox busybox 1.2.1
- Busybox busybox 1.21.0
- Busybox busybox 1.21.1
- Busybox busybox 1.2.2
- Busybox busybox 1.22.0
- Busybox busybox 1.2.2.1
- Busybox busybox 1.22.1
- Busybox busybox 1.23.0
- Busybox busybox 1.23.1
- Busybox busybox 1.23.2
- Busybox busybox 1.24.0
- Busybox busybox 1.24.1
- Busybox busybox 1.24.2
- Busybox busybox 1.25.0
- Busybox busybox 1.25.1
- Busybox busybox 1.26.0
- Busybox busybox 1.26.1
- Busybox busybox 1.26.2
- Busybox busybox 1.27.0
- Busybox busybox 1.27.1
- Busybox busybox 1.27.2
- Busybox busybox 1.28.0
- Busybox busybox 1.28.1
- Busybox busybox 1.28.2
- Busybox busybox 1.28.3
- Busybox busybox 1.28.4
- Busybox busybox 1.29.0
- Busybox busybox 1.29.1
- Busybox busybox 1.29.2
- Busybox busybox 1.29.3
- Busybox busybox 1.3.0
- Busybox busybox 1.3.1
- Busybox busybox 1.3.2
- Busybox busybox 1.4.0
- Busybox busybox 1.4.1
- Busybox busybox 1.4.2
- Busybox busybox 1.5.0
- Busybox busybox 1.5.1
- Busybox busybox 1.5.2
- Busybox busybox 1.6.0
- Busybox busybox 1.6.1
- Busybox busybox 1.6.2
- Busybox busybox 1.7.0
- Busybox busybox 1.7.1
- Busybox busybox 1.7.2
- Busybox busybox 1.7.3
- Busybox busybox 1.7.4
- Busybox busybox 1.7.5
- Busybox busybox 1.8.0
- Busybox busybox 1.8.1
- Busybox busybox 1.8.2
- Busybox busybox 1.8.3
- Busybox busybox 1.9.0
- Busybox busybox 1.9.1
- Busybox busybox 1.9.2
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Canonical ubuntu_linux 18.10