Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-1813 (GCVE-0-2013-1813)
Vulnerability from cvelistv5 – Published: 2013-11-23 11:00 – Updated: 2024-08-06 15:13
VLAI?
EPSS
Summary
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2013-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"name": "RHSA-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"name": "[busybox] 20130722 1.21.0 is released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T19:06:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"name": "RHSA-2013:1732",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"name": "[busybox] 20130722 1.21.0 is released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.t-mobile.com/docs/DOC-21994",
"refsource": "CONFIRM",
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"name": "RHSA-2013:1732",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"name": "[busybox] 20130722 1.21.0 is released",
"refsource": "MLIST",
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"name": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784",
"refsource": "CONFIRM",
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1813",
"datePublished": "2013-11-23T11:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:13:32.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2013-1813",
"date": "2026-04-15",
"epss": "0.00093",
"percentile": "0.25978"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2013-1813\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-11-23T11:55:04.337\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.\"},{\"lang\":\"es\",\"value\":\"util-linux/mdev.c en BusyBox anterior a la versi\u00f3n 1.21.0 utiliza permisos 0777 en directorios padre al crear directorios anidados bajo /dev/, lo que permite a usuarios locales tener un impacto y vectores de ataques desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"919D9673-1FCA-431D-9F30-643AAEFAC1DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.20.2\",\"matchCriteriaId\":\"920C6143-7898-45F6-97C0-6F39127DCA71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B67E997-9F5B-46BB-A6C7-2807E08780D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADF8AED2-C49C-4494-A758-152BB15163B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A78CB26D-6D7F-41B9-B831-836B1AE9685D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22F144B4-A3DC-486F-8AEB-56A293CEB4D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DEF39BB-37E1-449A-8CB9-6E85E1FABCA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37848E12-4C7D-4EE2-9347-0B10A26E9B63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAEE5FB7-08B2-4A15-9D14-1BFF7BA513DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"148DF5E9-748F-44FB-84D3-5FD4D30322B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41B69641-1130-4905-A5EE-80A193FCF207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7464F91E-51A5-4C77-93BD-EA57824EB7AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48429F2F-F41D-45C5-AA58-FDBEC63B3DD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F907C5FE-E1E8-4B55-AA1F-A82517BA3657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACEE08C4-A5EE-42B9-8AB9-EB5BE4FEF2C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F745A0B-7B84-4127-BE27-9DC485479474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.60.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85B1DD33-0CAD-4ED6-BB99-29EA39E4D147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.60.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35153AC7-AAF0-43BA-A900-7DDF46FF4F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.60.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A35C280B-5370-4762-A109-E08DB542BFD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.60.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB07416D-FBA6-4A68-856D-4AF5E2FF142E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.60.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8998A02A-A35B-4124-AB31-43F1A1B9C477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F70FE4-28AA-40D1-A2D2-D7047404E3BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539C33E8-53AA-4415-BDA2-C4EE889FDB64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E2D0557-0C6A-40B6-BF08-0D24CDCF0FD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1D67C2D-825B-4E66-A43F-9D07BB3CF9CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5408DA3E-9CA1-4768-992C-1732A45C4365\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A9C5E7-5260-4EBD-8A62-B11EE81906F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55E1C67B-87DD-4883-A4DC-539783B4223E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09A4634A-6B09-477B-AC5C-109D1708935D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C035059E-0B42-4C1F-9C6D-866D69DE4702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCA06DD4-6993-4F5F-8D01-94CEFB684D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3F4032E-04CF-4EA9-AF05-B6EBE5FFEDDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F95E79C7-1C7D-4A7B-8465-C4D3557C0097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBA76F53-2D6B-432F-99AD-3D126F463535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80FD3330-1F10-4697-ABEA-806E3068678B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F696DE8-423B-4F93-A2FE-8CCC9EB7E48A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A6A3CC-A56B-4861-9668-8AE05247042C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E508DF8D-33E4-485A-9348-B4592A9C0207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9796F6C1-52BB-448A-A807-0A6036B3ECC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71494758-A192-4A83-85D6-6A368CD58BF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB367825-26AE-4B75-A329-EC9DD0EC8004\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4336604A-11D1-4450-B38F-378263A299B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DAE682D-2F8E-40B2-8894-9FCAA8CD0101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04D61499-332E-4AE7-A005-32A0DDE81DF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3923C03C-DD87-4FF8-BC97-A72CC65155FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E9A8BC6-CA69-46B0-9426-34ADB2695BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6704C4C-88E6-466D-9CAE-6FE8545F0977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F20F2DBA-E5F1-4DE7-95A3-8A044A94E9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC859628-5C13-4513-93C2-538F0A6A2586\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB0BF42-4C41-44DF-926A-9144C2F385E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C17EDB63-B733-4761-B535-7F72E8F787A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F69A0F8C-B003-485F-813A-D4E1A4E88584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8509CF5F-D1D1-4EB5-A061-00EEEEED68BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A7A44C-C438-407C-97FF-435BE95795FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28738A5C-C205-4FC5-8633-5A7B898A1832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8B44A0E-800C-4342-BA75-A48F3A56C3CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F341E09-BF96-43E6-96CC-7AFD8736938C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AEB371C-36DF-4421-882B-C769ED8404EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23D58896-B93B-4D5C-B42A-802B86A8D986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B38C04-7990-4B5A-86DB-9DE35BD73BED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD8D48C9-CC0F-4ACE-9C59-67E962C2DB6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A1607A0-9B02-4433-B246-CE0FC73C2F64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED230815-6F03-49D2-8422-5E4764C92776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89769E1E-FC6F-464F-9D2D-4A92E8150023\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A818C102-5BBA-49ED-A2FF-CB60D50B867F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4965028A-4818-4F49-A69F-E4936B802933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"789A3850-A613-41D5-A4B1-5B21F0DAD865\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1D06891-0077-43A7-84FE-26BEB4615820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAEBB6E8-4B1C-4F90-A429-4A08B5958706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7DCE0B0-FC75-4C79-9B69-7E45F6DF1B2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F680B7-A7C9-491C-B084-809FA91A4306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4B04CD2-EE97-4480-A3BD-A9405CC72408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3301EA75-92C1-4A07-8D4F-C03327F0DCA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A528C12-8E6C-47E3-B1B3-8DDA5C934C28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56FDCCB-87A7-4354-83EA-3BEAFF0FF019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC00E801-D3E0-4D9E-B004-F2192D1D552A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66D0CE4D-E98B-4080-8372-7F1632A1E8F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAD322BE-7397-4154-B2BD-7E94275C1CEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7288E37E-9B8C-403E-A534-6191A0C6B4D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DB0017A-2FDB-424D-B693-3609141321A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DA7560-D138-4D9C-9D1B-1DF0F79181AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"904B27F8-A167-4986-9AD3-665AF0D9B364\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E92B4186-3A3B-46E6-ADCA-B5EDCB122A88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"852E6303-7BC5-4559-A653-727E5F8D21F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75C8ED43-A5E6-4413-9723-C69D9F46EF73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82866980-4335-4A5A-B4ED-750C848861C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5566B9F7-9C87-46F2-948C-7D2599035F82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC2AEC0B-A24B-4B4F-ABDD-60FC57257634\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E850B3B9-8D40-4C6C-9872-16C5235655B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07CECA25-E276-46F6-A811-6B428B4DB4A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55DDF725-B099-4187-ADB5-10CA4E6105ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834E01F2-96CD-4F2D-9854-A68B31E1E3DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6576665-E960-4338-ACF0-747F71443887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BFC1DCB-BC86-4C65-88B6-DC6F29C1BF12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01DA4F8E-77CE-4552-A200-F7AE11CB99A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC7D599-2AA2-465D-8943-D43FB274562C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA46F251-9F17-498F-B093-70ADF7F989F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.19.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"342D474D-D3E9-43A1-9822-AFF4BD39741D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F79AF30-821F-488B-971D-3A2C931C7D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:1.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B94A193D-55F6-410B-A744-D7561D76D6E7\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.busybox.net/pipermail/busybox/2013-January/078864.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1732.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/20\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2020/Mar/15\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/14\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.t-mobile.com/docs/DOC-21994\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.busybox.net/pipermail/busybox/2013-January/078864.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1732.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2020/Mar/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.t-mobile.com/docs/DOC-21994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2013:1732
Vulnerability from csaf_redhat - Published: 2013-11-20 16:49 - Updated: 2025-11-21 17:46Summary
Red Hat Security Advisory: busybox security and bug fix update
Severity
Low
Notes
Topic: Updated busybox packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details: BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.
It was found that the mdev BusyBox utility could create certain directories
within /dev with world-writable permissions. A local unprivileged user
could use this flaw to manipulate portions of the /dev directory tree.
(CVE-2013-1813)
This update also fixes the following bugs:
* Previously, due to a too eager string size optimization on the IBM System
z architecture, the "wc" BusyBox command failed after processing standard
input with the following error:
wc: : No such file or directory
This bug was fixed by disabling the string size optimization and the "wc"
command works properly on IBM System z architectures. (BZ#820097)
* Prior to this update, the "mknod" command was unable to create device
nodes with a major or minor number larger than 255. Consequently, the kdump
utility failed to handle such a device. The underlying source code has been
modified, and it is now possible to use the "mknod" command to create
device nodes with a major or minor number larger than 255. (BZ#859817)
* If a network installation from an NFS server was selected, the "mount"
command used the UDP protocol by default. If only TCP mounts were supported
by the server, this led to a failure of the mount command. As a result,
Anaconda could not continue with the installation. This bug is now fixed
and NFS mount operations default to the TCP protocol. (BZ#855832)
All busybox users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
3.6 ()
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
https://access.redhat.com/errata/RHSA-2013:1732
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated busybox packages that fix one security issue and several bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "BusyBox provides a single binary that includes versions of a large number\nof system commands, including a shell. This can be very useful for\nrecovering from certain types of system failures, particularly those\ninvolving broken shared libraries.\n\nIt was found that the mdev BusyBox utility could create certain directories\nwithin /dev with world-writable permissions. A local unprivileged user\ncould use this flaw to manipulate portions of the /dev directory tree.\n(CVE-2013-1813)\n\nThis update also fixes the following bugs:\n\n* Previously, due to a too eager string size optimization on the IBM System\nz architecture, the \"wc\" BusyBox command failed after processing standard\ninput with the following error:\n\n wc: : No such file or directory\n\nThis bug was fixed by disabling the string size optimization and the \"wc\"\ncommand works properly on IBM System z architectures. (BZ#820097)\n\n* Prior to this update, the \"mknod\" command was unable to create device\nnodes with a major or minor number larger than 255. Consequently, the kdump\nutility failed to handle such a device. The underlying source code has been\nmodified, and it is now possible to use the \"mknod\" command to create\ndevice nodes with a major or minor number larger than 255. (BZ#859817)\n\n* If a network installation from an NFS server was selected, the \"mount\"\ncommand used the UDP protocol by default. If only TCP mounts were supported\nby the server, this led to a failure of the mount command. As a result,\nAnaconda could not continue with the installation. This bug is now fixed\nand NFS mount operations default to the TCP protocol. (BZ#855832)\n\nAll busybox users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1732",
"url": "https://access.redhat.com/errata/RHSA-2013:1732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "820097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820097"
},
{
"category": "external",
"summary": "919608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919608"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1732.json"
}
],
"title": "Red Hat Security Advisory: busybox security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:46:09+00:00",
"generator": {
"date": "2025-11-21T17:46:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2013:1732",
"initial_release_date": "2013-11-20T16:49:00+00:00",
"revision_history": [
{
"date": "2013-11-20T16:49:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-11-20T16:51:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:46:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1:1.15.1-20.el6.src",
"product": {
"name": "busybox-1:1.15.1-20.el6.src",
"product_id": "busybox-1:1.15.1-20.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox@1.15.1-20.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"product": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"product_id": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox-petitboot@1.15.1-20.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "busybox-1:1.15.1-20.el6.x86_64",
"product": {
"name": "busybox-1:1.15.1-20.el6.x86_64",
"product_id": "busybox-1:1.15.1-20.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox@1.15.1-20.el6?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1:1.15.1-20.el6.i686",
"product": {
"name": "busybox-1:1.15.1-20.el6.i686",
"product_id": "busybox-1:1.15.1-20.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox@1.15.1-20.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "busybox-petitboot-1:1.15.1-20.el6.i686",
"product": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686",
"product_id": "busybox-petitboot-1:1.15.1-20.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox-petitboot@1.15.1-20.el6?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1:1.15.1-20.el6.ppc64",
"product": {
"name": "busybox-1:1.15.1-20.el6.ppc64",
"product_id": "busybox-1:1.15.1-20.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox@1.15.1-20.el6?arch=ppc64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"product": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"product_id": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox-petitboot@1.15.1-20.el6?arch=ppc64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "busybox-1:1.15.1-20.el6.s390x",
"product": {
"name": "busybox-1:1.15.1-20.el6.s390x",
"product_id": "busybox-1:1.15.1-20.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox@1.15.1-20.el6?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"product": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"product_id": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/busybox-petitboot@1.15.1-20.el6?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
"product_id": "6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-1:1.15.1-20.el6.src"
},
"product_reference": "busybox-1:1.15.1-20.el6.src",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-petitboot-1:1.15.1-20.el6.i686"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.i686",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-petitboot-1:1.15.1-20.el6.ppc64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.ppc64",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-petitboot-1:1.15.1-20.el6.s390x"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.s390x",
"relates_to_product_reference": "6Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "busybox-petitboot-1:1.15.1-20.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation:busybox-petitboot-1:1.15.1-20.el6.x86_64"
},
"product_reference": "busybox-petitboot-1:1.15.1-20.el6.x86_64",
"relates_to_product_reference": "6Workstation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-1813",
"discovery_date": "2013-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "919608"
}
],
"notes": [
{
"category": "description",
"text": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "busybox: insecure directory permissions in /dev",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional:busybox-1:1.15.1-20.el6.i686",
"6Client-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Client-optional:busybox-1:1.15.1-20.el6.s390x",
"6Client-optional:busybox-1:1.15.1-20.el6.src",
"6Client-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Client:busybox-1:1.15.1-20.el6.i686",
"6Client:busybox-1:1.15.1-20.el6.ppc64",
"6Client:busybox-1:1.15.1-20.el6.s390x",
"6Client:busybox-1:1.15.1-20.el6.src",
"6Client:busybox-1:1.15.1-20.el6.x86_64",
"6Client:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Client:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Client:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Client:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.i686",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.ppc64",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.s390x",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.src",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.x86_64",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6ComputeNode:busybox-1:1.15.1-20.el6.i686",
"6ComputeNode:busybox-1:1.15.1-20.el6.ppc64",
"6ComputeNode:busybox-1:1.15.1-20.el6.s390x",
"6ComputeNode:busybox-1:1.15.1-20.el6.src",
"6ComputeNode:busybox-1:1.15.1-20.el6.x86_64",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.i686",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Server-optional:busybox-1:1.15.1-20.el6.i686",
"6Server-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Server-optional:busybox-1:1.15.1-20.el6.s390x",
"6Server-optional:busybox-1:1.15.1-20.el6.src",
"6Server-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Server:busybox-1:1.15.1-20.el6.i686",
"6Server:busybox-1:1.15.1-20.el6.ppc64",
"6Server:busybox-1:1.15.1-20.el6.s390x",
"6Server:busybox-1:1.15.1-20.el6.src",
"6Server:busybox-1:1.15.1-20.el6.x86_64",
"6Server:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Server:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Server:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Server:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Workstation-optional:busybox-1:1.15.1-20.el6.i686",
"6Workstation-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Workstation-optional:busybox-1:1.15.1-20.el6.s390x",
"6Workstation-optional:busybox-1:1.15.1-20.el6.src",
"6Workstation-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Workstation:busybox-1:1.15.1-20.el6.i686",
"6Workstation:busybox-1:1.15.1-20.el6.ppc64",
"6Workstation:busybox-1:1.15.1-20.el6.s390x",
"6Workstation:busybox-1:1.15.1-20.el6.src",
"6Workstation:busybox-1:1.15.1-20.el6.x86_64",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1813"
},
{
"category": "external",
"summary": "RHBZ#919608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919608"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1813",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1813"
}
],
"release_date": "2013-03-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-11-20T16:49:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Client-optional:busybox-1:1.15.1-20.el6.i686",
"6Client-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Client-optional:busybox-1:1.15.1-20.el6.s390x",
"6Client-optional:busybox-1:1.15.1-20.el6.src",
"6Client-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Client:busybox-1:1.15.1-20.el6.i686",
"6Client:busybox-1:1.15.1-20.el6.ppc64",
"6Client:busybox-1:1.15.1-20.el6.s390x",
"6Client:busybox-1:1.15.1-20.el6.src",
"6Client:busybox-1:1.15.1-20.el6.x86_64",
"6Client:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Client:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Client:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Client:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.i686",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.ppc64",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.s390x",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.src",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.x86_64",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6ComputeNode:busybox-1:1.15.1-20.el6.i686",
"6ComputeNode:busybox-1:1.15.1-20.el6.ppc64",
"6ComputeNode:busybox-1:1.15.1-20.el6.s390x",
"6ComputeNode:busybox-1:1.15.1-20.el6.src",
"6ComputeNode:busybox-1:1.15.1-20.el6.x86_64",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.i686",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Server-optional:busybox-1:1.15.1-20.el6.i686",
"6Server-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Server-optional:busybox-1:1.15.1-20.el6.s390x",
"6Server-optional:busybox-1:1.15.1-20.el6.src",
"6Server-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Server:busybox-1:1.15.1-20.el6.i686",
"6Server:busybox-1:1.15.1-20.el6.ppc64",
"6Server:busybox-1:1.15.1-20.el6.s390x",
"6Server:busybox-1:1.15.1-20.el6.src",
"6Server:busybox-1:1.15.1-20.el6.x86_64",
"6Server:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Server:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Server:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Server:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Workstation-optional:busybox-1:1.15.1-20.el6.i686",
"6Workstation-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Workstation-optional:busybox-1:1.15.1-20.el6.s390x",
"6Workstation-optional:busybox-1:1.15.1-20.el6.src",
"6Workstation-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Workstation:busybox-1:1.15.1-20.el6.i686",
"6Workstation:busybox-1:1.15.1-20.el6.ppc64",
"6Workstation:busybox-1:1.15.1-20.el6.s390x",
"6Workstation:busybox-1:1.15.1-20.el6.src",
"6Workstation:busybox-1:1.15.1-20.el6.x86_64",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1732"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-optional:busybox-1:1.15.1-20.el6.i686",
"6Client-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Client-optional:busybox-1:1.15.1-20.el6.s390x",
"6Client-optional:busybox-1:1.15.1-20.el6.src",
"6Client-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Client-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Client:busybox-1:1.15.1-20.el6.i686",
"6Client:busybox-1:1.15.1-20.el6.ppc64",
"6Client:busybox-1:1.15.1-20.el6.s390x",
"6Client:busybox-1:1.15.1-20.el6.src",
"6Client:busybox-1:1.15.1-20.el6.x86_64",
"6Client:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Client:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Client:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Client:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.i686",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.ppc64",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.s390x",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.src",
"6ComputeNode-optional:busybox-1:1.15.1-20.el6.x86_64",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6ComputeNode-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6ComputeNode:busybox-1:1.15.1-20.el6.i686",
"6ComputeNode:busybox-1:1.15.1-20.el6.ppc64",
"6ComputeNode:busybox-1:1.15.1-20.el6.s390x",
"6ComputeNode:busybox-1:1.15.1-20.el6.src",
"6ComputeNode:busybox-1:1.15.1-20.el6.x86_64",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.i686",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6ComputeNode:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Server-optional:busybox-1:1.15.1-20.el6.i686",
"6Server-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Server-optional:busybox-1:1.15.1-20.el6.s390x",
"6Server-optional:busybox-1:1.15.1-20.el6.src",
"6Server-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Server-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Server:busybox-1:1.15.1-20.el6.i686",
"6Server:busybox-1:1.15.1-20.el6.ppc64",
"6Server:busybox-1:1.15.1-20.el6.s390x",
"6Server:busybox-1:1.15.1-20.el6.src",
"6Server:busybox-1:1.15.1-20.el6.x86_64",
"6Server:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Server:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Server:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Server:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Workstation-optional:busybox-1:1.15.1-20.el6.i686",
"6Workstation-optional:busybox-1:1.15.1-20.el6.ppc64",
"6Workstation-optional:busybox-1:1.15.1-20.el6.s390x",
"6Workstation-optional:busybox-1:1.15.1-20.el6.src",
"6Workstation-optional:busybox-1:1.15.1-20.el6.x86_64",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Workstation-optional:busybox-petitboot-1:1.15.1-20.el6.x86_64",
"6Workstation:busybox-1:1.15.1-20.el6.i686",
"6Workstation:busybox-1:1.15.1-20.el6.ppc64",
"6Workstation:busybox-1:1.15.1-20.el6.s390x",
"6Workstation:busybox-1:1.15.1-20.el6.src",
"6Workstation:busybox-1:1.15.1-20.el6.x86_64",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.i686",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.ppc64",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.s390x",
"6Workstation:busybox-petitboot-1:1.15.1-20.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "busybox: insecure directory permissions in /dev"
}
]
}
GSD-2013-1813
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-1813",
"description": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.",
"id": "GSD-2013-1813",
"references": [
"https://www.suse.com/security/cve/CVE-2013-1813.html",
"https://access.redhat.com/errata/RHSA-2013:1732",
"https://advisories.mageia.org/CVE-2013-1813.html",
"https://linux.oracle.com/cve/CVE-2013-1813.html",
"https://packetstormsecurity.com/files/cve/CVE-2013-1813"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-1813"
],
"details": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.",
"id": "GSD-2013-1813",
"modified": "2023-12-13T01:22:20.297044Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.t-mobile.com/docs/DOC-21994",
"refsource": "CONFIRM",
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"name": "RHSA-2013:1732",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"name": "[busybox] 20130722 1.21.0 is released",
"refsource": "MLIST",
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"name": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784",
"refsource": "CONFIRM",
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.60.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.60.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.60.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.19.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.60.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.60.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1813"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"name": "RHSA-2013:1732",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"name": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"name": "[busybox] 20130722 1.21.0 is released",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"name": "https://support.t-mobile.com/docs/DOC-21994",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2020-08-27T20:15Z",
"publishedDate": "2013-11-23T11:55Z"
}
}
}
FKIE_CVE-2013-1813
Vulnerability from fkie_nvd - Published: 2013-11-23 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965 | ||
| secalert@redhat.com | http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784 | Exploit, Patch | |
| secalert@redhat.com | http://lists.busybox.net/pipermail/busybox/2013-January/078864.html | ||
| secalert@redhat.com | http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-1732.html | Vendor Advisory | |
| secalert@redhat.com | http://seclists.org/fulldisclosure/2019/Jun/18 | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2020/Aug/20 | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2020/Mar/15 | ||
| secalert@redhat.com | https://seclists.org/bugtraq/2019/Jun/14 | ||
| secalert@redhat.com | https://support.t-mobile.com/docs/DOC-21994 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.busybox.net/pipermail/busybox/2013-January/078864.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1732.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jun/18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Aug/20 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Mar/15 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jun/14 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.t-mobile.com/docs/DOC-21994 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 6.0 | |
| t-mobile | tm-ac1900 | 3.0.0.4.376_3169 | |
| busybox | busybox | * | |
| busybox | busybox | 0.38 | |
| busybox | busybox | 0.39 | |
| busybox | busybox | 0.40 | |
| busybox | busybox | 0.41 | |
| busybox | busybox | 0.42 | |
| busybox | busybox | 0.43 | |
| busybox | busybox | 0.45 | |
| busybox | busybox | 0.46 | |
| busybox | busybox | 0.47 | |
| busybox | busybox | 0.48 | |
| busybox | busybox | 0.49 | |
| busybox | busybox | 0.50 | |
| busybox | busybox | 0.51 | |
| busybox | busybox | 0.52 | |
| busybox | busybox | 0.60.0 | |
| busybox | busybox | 0.60.1 | |
| busybox | busybox | 0.60.2 | |
| busybox | busybox | 0.60.3 | |
| busybox | busybox | 0.60.4 | |
| busybox | busybox | 0.60.5 | |
| busybox | busybox | 1.00 | |
| busybox | busybox | 1.01 | |
| busybox | busybox | 1.1.0 | |
| busybox | busybox | 1.1.1 | |
| busybox | busybox | 1.1.2 | |
| busybox | busybox | 1.1.3 | |
| busybox | busybox | 1.2.0 | |
| busybox | busybox | 1.2.1 | |
| busybox | busybox | 1.2.2 | |
| busybox | busybox | 1.2.2.1 | |
| busybox | busybox | 1.3.0 | |
| busybox | busybox | 1.3.1 | |
| busybox | busybox | 1.3.2 | |
| busybox | busybox | 1.4.0 | |
| busybox | busybox | 1.4.1 | |
| busybox | busybox | 1.4.2 | |
| busybox | busybox | 1.5.0 | |
| busybox | busybox | 1.5.1 | |
| busybox | busybox | 1.6.0 | |
| busybox | busybox | 1.6.1 | |
| busybox | busybox | 1.7.0 | |
| busybox | busybox | 1.7.1 | |
| busybox | busybox | 1.7.2 | |
| busybox | busybox | 1.7.3 | |
| busybox | busybox | 1.8.0 | |
| busybox | busybox | 1.8.1 | |
| busybox | busybox | 1.8.2 | |
| busybox | busybox | 1.9.0 | |
| busybox | busybox | 1.9.1 | |
| busybox | busybox | 1.9.2 | |
| busybox | busybox | 1.10.0 | |
| busybox | busybox | 1.10.1 | |
| busybox | busybox | 1.10.2 | |
| busybox | busybox | 1.10.3 | |
| busybox | busybox | 1.10.4 | |
| busybox | busybox | 1.11.0 | |
| busybox | busybox | 1.11.1 | |
| busybox | busybox | 1.11.2 | |
| busybox | busybox | 1.11.3 | |
| busybox | busybox | 1.12.0 | |
| busybox | busybox | 1.12.1 | |
| busybox | busybox | 1.12.2 | |
| busybox | busybox | 1.12.3 | |
| busybox | busybox | 1.12.4 | |
| busybox | busybox | 1.13.0 | |
| busybox | busybox | 1.13.1 | |
| busybox | busybox | 1.13.2 | |
| busybox | busybox | 1.13.3 | |
| busybox | busybox | 1.13.4 | |
| busybox | busybox | 1.14.0 | |
| busybox | busybox | 1.14.1 | |
| busybox | busybox | 1.14.2 | |
| busybox | busybox | 1.14.3 | |
| busybox | busybox | 1.14.4 | |
| busybox | busybox | 1.15.0 | |
| busybox | busybox | 1.15.1 | |
| busybox | busybox | 1.15.2 | |
| busybox | busybox | 1.15.3 | |
| busybox | busybox | 1.16.0 | |
| busybox | busybox | 1.16.1 | |
| busybox | busybox | 1.16.2 | |
| busybox | busybox | 1.17.0 | |
| busybox | busybox | 1.17.1 | |
| busybox | busybox | 1.17.2 | |
| busybox | busybox | 1.17.3 | |
| busybox | busybox | 1.17.4 | |
| busybox | busybox | 1.18.0 | |
| busybox | busybox | 1.18.1 | |
| busybox | busybox | 1.18.2 | |
| busybox | busybox | 1.18.3 | |
| busybox | busybox | 1.18.4 | |
| busybox | busybox | 1.18.5 | |
| busybox | busybox | 1.19.0 | |
| busybox | busybox | 1.19.2 | |
| busybox | busybox | 1.19.3 | |
| busybox | busybox | 1.19.4 | |
| busybox | busybox | 1.20.0 | |
| busybox | busybox | 1.20.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*",
"matchCriteriaId": "919D9673-1FCA-431D-9F30-643AAEFAC1DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "920C6143-7898-45F6-97C0-6F39127DCA71",
"versionEndIncluding": "1.20.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "0B67E997-9F5B-46BB-A6C7-2807E08780D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF8AED2-C49C-4494-A758-152BB15163B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "A78CB26D-6D7F-41B9-B831-836B1AE9685D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "22F144B4-A3DC-486F-8AEB-56A293CEB4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEF39BB-37E1-449A-8CB9-6E85E1FABCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "37848E12-4C7D-4EE2-9347-0B10A26E9B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEE5FB7-08B2-4A15-9D14-1BFF7BA513DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "148DF5E9-748F-44FB-84D3-5FD4D30322B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "41B69641-1130-4905-A5EE-80A193FCF207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "7464F91E-51A5-4C77-93BD-EA57824EB7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "48429F2F-F41D-45C5-AA58-FDBEC63B3DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "F907C5FE-E1E8-4B55-AA1F-A82517BA3657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEE08C4-A5EE-42B9-8AB9-EB5BE4FEF2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2F745A0B-7B84-4127-BE27-9DC485479474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.60.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85B1DD33-0CAD-4ED6-BB99-29EA39E4D147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35153AC7-AAF0-43BA-A900-7DDF46FF4F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.60.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A35C280B-5370-4762-A109-E08DB542BFD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.60.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB07416D-FBA6-4A68-856D-4AF5E2FF142E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.60.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8998A02A-A35B-4124-AB31-43F1A1B9C477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*",
"matchCriteriaId": "41F70FE4-28AA-40D1-A2D2-D7047404E3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "539C33E8-53AA-4415-BDA2-C4EE889FDB64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2D0557-0C6A-40B6-BF08-0D24CDCF0FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D67C2D-825B-4E66-A43F-9D07BB3CF9CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5408DA3E-9CA1-4768-992C-1732A45C4365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A9C5E7-5260-4EBD-8A62-B11EE81906F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55E1C67B-87DD-4883-A4DC-539783B4223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09A4634A-6B09-477B-AC5C-109D1708935D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C035059E-0B42-4C1F-9C6D-866D69DE4702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA06DD4-6993-4F5F-8D01-94CEFB684D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F4032E-04CF-4EA9-AF05-B6EBE5FFEDDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F95E79C7-1C7D-4A7B-8465-C4D3557C0097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA76F53-2D6B-432F-99AD-3D126F463535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80FD3330-1F10-4697-ABEA-806E3068678B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F696DE8-423B-4F93-A2FE-8CCC9EB7E48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49A6A3CC-A56B-4861-9668-8AE05247042C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E508DF8D-33E4-485A-9348-B4592A9C0207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9796F6C1-52BB-448A-A807-0A6036B3ECC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71494758-A192-4A83-85D6-6A368CD58BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB367825-26AE-4B75-A329-EC9DD0EC8004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4336604A-11D1-4450-B38F-378263A299B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DAE682D-2F8E-40B2-8894-9FCAA8CD0101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04D61499-332E-4AE7-A005-32A0DDE81DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3923C03C-DD87-4FF8-BC97-A72CC65155FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9A8BC6-CA69-46B0-9426-34ADB2695BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6704C4C-88E6-466D-9CAE-6FE8545F0977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F20F2DBA-E5F1-4DE7-95A3-8A044A94E9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC859628-5C13-4513-93C2-538F0A6A2586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB0BF42-4C41-44DF-926A-9144C2F385E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C17EDB63-B733-4761-B535-7F72E8F787A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F69A0F8C-B003-485F-813A-D4E1A4E88584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8509CF5F-D1D1-4EB5-A061-00EEEEED68BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A7A44C-C438-407C-97FF-435BE95795FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28738A5C-C205-4FC5-8633-5A7B898A1832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B44A0E-800C-4342-BA75-A48F3A56C3CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F341E09-BF96-43E6-96CC-7AFD8736938C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEB371C-36DF-4421-882B-C769ED8404EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23D58896-B93B-4D5C-B42A-802B86A8D986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96B38C04-7990-4B5A-86DB-9DE35BD73BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD8D48C9-CC0F-4ACE-9C59-67E962C2DB6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1607A0-9B02-4433-B246-CE0FC73C2F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED230815-6F03-49D2-8422-5E4764C92776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89769E1E-FC6F-464F-9D2D-4A92E8150023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A818C102-5BBA-49ED-A2FF-CB60D50B867F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4965028A-4818-4F49-A69F-E4936B802933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "789A3850-A613-41D5-A4B1-5B21F0DAD865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D06891-0077-43A7-84FE-26BEB4615820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEBB6E8-4B1C-4F90-A429-4A08B5958706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DCE0B0-FC75-4C79-9B69-7E45F6DF1B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46F680B7-A7C9-491C-B084-809FA91A4306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B04CD2-EE97-4480-A3BD-A9405CC72408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3301EA75-92C1-4A07-8D4F-C03327F0DCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A528C12-8E6C-47E3-B1B3-8DDA5C934C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A56FDCCB-87A7-4354-83EA-3BEAFF0FF019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC00E801-D3E0-4D9E-B004-F2192D1D552A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66D0CE4D-E98B-4080-8372-7F1632A1E8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD322BE-7397-4154-B2BD-7E94275C1CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7288E37E-9B8C-403E-A534-6191A0C6B4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB0017A-2FDB-424D-B693-3609141321A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DA7560-D138-4D9C-9D1B-1DF0F79181AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "904B27F8-A167-4986-9AD3-665AF0D9B364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E92B4186-3A3B-46E6-ADCA-B5EDCB122A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "852E6303-7BC5-4559-A653-727E5F8D21F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75C8ED43-A5E6-4413-9723-C69D9F46EF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82866980-4335-4A5A-B4ED-750C848861C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5566B9F7-9C87-46F2-948C-7D2599035F82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2AEC0B-A24B-4B4F-ABDD-60FC57257634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E850B3B9-8D40-4C6C-9872-16C5235655B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07CECA25-E276-46F6-A811-6B428B4DB4A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55DDF725-B099-4187-ADB5-10CA4E6105ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "834E01F2-96CD-4F2D-9854-A68B31E1E3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6576665-E960-4338-ACF0-747F71443887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFC1DCB-BC86-4C65-88B6-DC6F29C1BF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01DA4F8E-77CE-4552-A200-F7AE11CB99A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC7D599-2AA2-465D-8943-D43FB274562C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA46F251-9F17-498F-B093-70ADF7F989F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "342D474D-D3E9-43A1-9822-AFF4BD39741D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F79AF30-821F-488B-971D-3A2C931C7D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:busybox:busybox:1.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B94A193D-55F6-410B-A744-D7561D76D6E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors."
},
{
"lang": "es",
"value": "util-linux/mdev.c en BusyBox anterior a la versi\u00f3n 1.21.0 utiliza permisos 0777 en directorios padre al crear directorios anidados bajo /dev/, lo que permite a usuarios locales tener un impacto y vectores de ataques desconocidos."
}
],
"id": "CVE-2013-1813",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-23T11:55:04.337",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"source": "secalert@redhat.com",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"source": "secalert@redhat.com",
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.t-mobile.com/docs/DOC-21994"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2021-AVI-214
Vulnerability from certfr_avis - Published: 2021-03-23 - Updated: 2021-03-23
De multiples vulnérabilités ont été découvertes dans Moxa EDR-810. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EDR-810 Series versions ant\u00e9rieures \u00e0 5.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2010-2156",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2156"
},
{
"name": "CVE-2017-17562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17562"
},
{
"name": "CVE-2016-6515",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2013-1813",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1813"
},
{
"name": "CVE-2016-10012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
},
{
"name": "CVE-2014-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2284"
}
],
"initial_release_date": "2021-03-23T00:00:00",
"last_revision_date": "2021-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moxa EDR-810.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa EDR-810",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa du 23 mars 2021",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/edr-810-series-security-router-vulnerabilities-(1)"
}
]
}
VDE-2019-013
Vulnerability from csaf_wagogmbhcokg - Published: 2019-06-12 10:25 - Updated: 2019-06-12 10:25Summary
WAGO: Multiple Vulnerabilities in industrial managed switches
Notes
Summary: Multiple vulnerabilities have been identified in WAGO 852-303, 852-1305 and 852-1505 industrial managed ethernet switches.
Impact: (see cve details)
Remediation: Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
CWE-20 - Improper Input Validation
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
7.5 (High)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
7.5 (High)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
9.8 (Critical)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
9.8 (Critical)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
5.5 (Medium)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
7.5 (High)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
9.8 (Critical)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
8.8 (High)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
9.8 (Critical)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
9.8 (Critical)
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CWE-787 - Out-of-bounds Write
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.
CWE-20 - Improper Input Validation
Vendor Fix
Update your managed switch to the latest firmware:
852-303 (>= V1.2.2.S0)
852-1305 (>= V1.1.6.S0)
852-1505 (>= V1.1.5.S0)
Firmwares published on Jun 7, 2019 or later are fixed.
Please refer to the corresponding manual.
References
| URL | Category | |
|---|---|---|
Acknowledgments
CERT@VDE
certvde.com
SEC Consult Vulnerability Lab
T. Weber
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"T. Weber"
],
"organization": "SEC Consult Vulnerability Lab",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been identified in WAGO 852-303, 852-1305 and 852-1505 industrial managed ethernet switches.",
"title": "Summary"
},
{
"category": "description",
"text": "(see cve details)",
"title": "Impact"
},
{
"category": "description",
"text": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2019-013: WAGO: Multiple Vulnerabilities in industrial managed switches - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-013/"
},
{
"category": "self",
"summary": "VDE-2019-013: WAGO: Multiple Vulnerabilities in industrial managed switches - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-013.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "WAGO: Multiple Vulnerabilities in industrial managed switches",
"tracking": {
"aliases": [
"VDE-2019-013"
],
"current_release_date": "2019-06-12T10:25:00.000Z",
"generator": {
"date": "2025-04-23T08:41:04.995Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.23"
}
},
"id": "VDE-2019-013",
"initial_release_date": "2019-06-12T10:25:00.000Z",
"revision_history": [
{
"date": "2019-06-12T10:25:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "852-1305",
"product": {
"name": "852-1305",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "852-1505",
"product": {
"name": "852-1505",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "852-303",
"product": {
"name": "852-303",
"product_id": "CSAFPID-11003"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.1.6.S0",
"product": {
"name": "Firmware \u003cV1.1.6.S0",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cV1.1.5.S0",
"product": {
"name": "Firmware \u003cV1.1.5.S0",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003cV1.2.2.S0",
"product": {
"name": "Firmware \u003cV1.2.2.S0",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version",
"name": "V1.1.6.S0",
"product": {
"name": "Firmware V1.1.6.S0",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "V1.1.5.S0",
"product": {
"name": "Firmware V1.1.5.S0",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "V1.2.2.S0",
"product": {
"name": "Firmware V1.2.2.S0",
"product_id": "CSAFPID-22003"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV1.1.6.S0 installed on 852-1305",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV1.1.5.S0 installed on 852-1505",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV1.2.2.S0 installed on 852-303",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V1.1.6.S0 installed on 852-1305",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V1.1.5.S0 installed on 852-1505",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V1.2.2.S0 installed on 852-303",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-3856",
"notes": [
{
"category": "description",
"text": "ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2010-3856"
},
{
"cve": "CVE-2011-2716",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2011-2716"
},
{
"cve": "CVE-2012-4412",
"notes": [
{
"category": "description",
"text": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2012-4412"
},
{
"cve": "CVE-2014-4043",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2014-4043"
},
{
"cve": "CVE-2014-9402",
"notes": [
{
"category": "description",
"text": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2014-9402"
},
{
"cve": "CVE-2016-6301",
"notes": [
{
"category": "description",
"text": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2016-6301"
},
{
"cve": "CVE-2015-1472",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2015-1472"
},
{
"cve": "CVE-2011-5325",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2011-5325"
},
{
"cve": "CVE-2014-9761",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2014-9761"
},
{
"cve": "CVE-2014-9984",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2014-9984"
},
{
"cve": "CVE-2015-9261",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2015-9261"
},
{
"cve": "CVE-2016-2147",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2016-2147"
},
{
"cve": "CVE-2016-2148",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2016-2148"
},
{
"cve": "CVE-2017-16544",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2017-16544"
},
{
"cve": "CVE-2019-12549",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "description",
"text": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2019-12549"
},
{
"cve": "CVE-2019-12550",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "description",
"text": "WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2019-12550"
},
{
"cve": "CVE-2015-0235",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2015-0235"
},
{
"cve": "CVE-2013-1813",
"notes": [
{
"category": "description",
"text": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2013-1813"
},
{
"cve": "CVE-2010-0296",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update your managed switch to the latest firmware:\n\n852-303 (\u003e= V1.2.2.S0)\n\n852-1305 (\u003e= V1.1.6.S0)\n\n852-1505 (\u003e= V1.1.5.S0)\n\n\nFirmwares published on Jun 7, 2019 or later are fixed.\n\nPlease refer to the corresponding manual. ",
"group_ids": [
"CSAFGID-0001"
]
}
],
"title": "CVE-2010-0296"
}
]
}
GHSA-GV44-P9M5-QJMR
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17
VLAI?
Details
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
{
"affected": [],
"aliases": [
"CVE-2013-1813"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-11-23T11:55:00Z",
"severity": "HIGH"
},
"details": "util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.",
"id": "GHSA-gv44-p9m5-qjmr",
"modified": "2022-05-13T01:17:59Z",
"published": "2022-05-13T01:17:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1813"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"type": "WEB",
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965"
},
{
"type": "WEB",
"url": "http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784"
},
{
"type": "WEB",
"url": "http://lists.busybox.net/pipermail/busybox/2013-January/078864.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1732.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…