Skip to navigation

Security Advisory Low: busybox security and bug fix update

Advisory: RHSA-2012:0308-3
Type: Security Advisory
Severity: Low
Issued on: 2012-02-21
Last updated on: 2012-02-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2006-1168
CVE-2011-2716

Details

Updated busybox packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user running
BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)

This update also fixes the following bugs:

* Prior to this update, the cp command wrongly returned the exit code 0 to
indicate success if a device ran out of space while attempting to copy
files of more than 4 gigabytes. This update modifies BusyBox, so that in
such situations, the exit code 1 is returned. Now, the cp command shows
correctly whether a process failed. (BZ#689659)

* Prior to this update, the findfs command failed to check all existing
block devices on a system with thousands of block device nodes in "/dev/".
This update modifies BusyBox so that findfs checks all block devices even
in this case. (BZ#756723)

All users of busybox are advised to upgrade to these updated packages,
which correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
busybox-1.2.0-13.el5.src.rpm
File outdated by:  RHBA-2013:0075
    MD5: 818f4af3c652d036f3c97e7767fd5607
SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
 
IA-32:
busybox-1.2.0-13.el5.i386.rpm
File outdated by:  RHBA-2013:0075
    MD5: 839ca30697d8d88745ebbb6fa738cc1f
SHA-256: e1aaa1726ad230c8a35d93e723be165c266eb2194511e552ce0fe345430c624d
busybox-anaconda-1.2.0-13.el5.i386.rpm
File outdated by:  RHBA-2013:0075
    MD5: 00e99d38d8a6c5f9313bc53358313090
SHA-256: 332bbecb9a82f3303c16ab00982d246b79f5e57ac6b9b018f8c924fcbae6534b
 
IA-64:
busybox-1.2.0-13.el5.ia64.rpm
File outdated by:  RHBA-2013:0075
    MD5: 0ae12aefc3f46f9f1f07d19291a8d626
SHA-256: 8c6267898ca584dee6a52ccf1737fa284daeae15448ec2f4049f56a89144ab07
busybox-anaconda-1.2.0-13.el5.ia64.rpm
File outdated by:  RHBA-2013:0075
    MD5: ee88f0beb6da079facab6a4cef0d07b1
SHA-256: 1cacf4304ed2742d4bf6d8a9c7582784526df2210017ae95ea940e416a894e5e
 
PPC:
busybox-1.2.0-13.el5.ppc.rpm
File outdated by:  RHBA-2013:0075
    MD5: 76c6e5f1014a212dddba2f0769967805
SHA-256: 94669ac7d72765a8e11d0f18cbb99d5b080137fb7082507679c96b97021d2860
busybox-anaconda-1.2.0-13.el5.ppc.rpm
File outdated by:  RHBA-2013:0075
    MD5: 0f9ea4f395d1945aae4aaecab93da772
SHA-256: ef2e6efe39dd1d3eb0bfb71fa7d74e8748419cbca5670144c35d23d3cdf4a470
 
s390x:
busybox-1.2.0-13.el5.s390x.rpm
File outdated by:  RHBA-2013:0075
    MD5: 345cce1ed148b416da19ef0746ff7921
SHA-256: c523c41f09473e6e87b0de4abb255f46a6d18871763104e18bab8c353ba594ab
busybox-anaconda-1.2.0-13.el5.s390x.rpm
File outdated by:  RHBA-2013:0075
    MD5: b2f845be81b1527f265ca39a402acf97
SHA-256: 346ca103045c2881ff2f672ec9a4046d011ebfc97b39ad28c09bc4573c3b3247
 
x86_64:
busybox-1.2.0-13.el5.x86_64.rpm
File outdated by:  RHBA-2013:0075
    MD5: f8baa59eef4bd8c58455f5280814f7be
SHA-256: 8abbbde458515dfdde502f57bb6fe2a7f1db7548d6453e7d383eaf0fadb3e177
busybox-anaconda-1.2.0-13.el5.x86_64.rpm
File outdated by:  RHBA-2013:0075
    MD5: f752482aeb8481360bc1703f43c35e27
SHA-256: bebec61ba88cce8643d919742e50e73a0e8a5d31df6c7d1c9068e75ff53579d4
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
busybox-1.2.0-13.el5.src.rpm
File outdated by:  RHBA-2013:0075
    MD5: 818f4af3c652d036f3c97e7767fd5607
SHA-256: 8ee9908e230d174f6ef3ac6d5f62ef770524d4d1b1cfe576373ffdaa199c6cd7
 
IA-32:
busybox-1.2.0-13.el5.i386.rpm
File outdated by:  RHBA-2013:0075
    MD5: 839ca30697d8d88745ebbb6fa738cc1f
SHA-256: e1aaa1726ad230c8a35d93e723be165c266eb2194511e552ce0fe345430c624d
busybox-anaconda-1.2.0-13.el5.i386.rpm
File outdated by:  RHBA-2013:0075
    MD5: 00e99d38d8a6c5f9313bc53358313090
SHA-256: 332bbecb9a82f3303c16ab00982d246b79f5e57ac6b9b018f8c924fcbae6534b
 
x86_64:
busybox-1.2.0-13.el5.x86_64.rpm
File outdated by:  RHBA-2013:0075
    MD5: f8baa59eef4bd8c58455f5280814f7be
SHA-256: 8abbbde458515dfdde502f57bb6fe2a7f1db7548d6453e7d383eaf0fadb3e177
busybox-anaconda-1.2.0-13.el5.x86_64.rpm
File outdated by:  RHBA-2013:0075
    MD5: f752482aeb8481360bc1703f43c35e27
SHA-256: bebec61ba88cce8643d919742e50e73a0e8a5d31df6c7d1c9068e75ff53579d4
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

201919 - CVE-2006-1168 ncompress: .bss buffer underflow in decompression
689659 - "busybox cp" does not return a correct exit code when "No space left on device"
725364 - CVE-2011-2716 busybox: udhcpc insufficient checking of DHCP options


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/