BusyBox is an open-source utility that combines several standard Unix tools such as cp, ls, grep into a single binary or executable file.
Researchers from DevOps firm JFrog and industrial cybersecurity company Claroty have published a joint report detailing fourteen vulnerabilities they identified in the BusyBox Linux utility.
About the Flaws
These security vulnerabilities are tracked as CVE-2021-42373 through CVE-2021-42386. Reportedly, these security weaknesses impact multiple versions of BusyBox, ranging from 1.16 through 1.33.1. BusyBox developers patched all the flaws in August with the release of version 1.34.0.
According to researchers, these security flaws can be exploited by threat actors to launch DoS (denial-of-service) attacks. In some cases, if exploited, these can also lead to remote code execution and information disclosure.
However, the flaws were assigned a Medium severity rating because researchers believe they are unlikely to be exploited for malicious purposes.
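The version range given above can be used for a quick inventory check. The script below is an added example, not code from the JFrog/Claroty report or the BusyBox project: it classifies a BusyBox banner line against the range stated in this article. The function name bb_status, the status labels and the sample banners are constructed for illustration; a vendor may backport fixes without changing the version string, so treat the result as first-pass triage.

```shell
#!/bin/sh
# Added example: triage BusyBox banners against the range in the article
# (1.16 through 1.33.1 affected, patched in 1.34.0).

# bb_status BANNER
# Prints one of:
#   affected    version is inside 1.16 .. 1.33.1
#   fixed       version is 1.34.0 or later
#   not-listed  version parsed, but outside the range the article states
#   unknown     no "BusyBox vX.Y[.Z]" version found in the banner
bb_status() {
    # Pull the dotted version that follows "BusyBox v"; vendor suffixes
    # such as "-ubuntu" are dropped because they are not digits or dots.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^.*BusyBox v\([0-9][0-9.]*\).*$/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi

    # Split on dots; a missing minor or patch component counts as 0.
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    n=$(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))

    if [ "$n" -ge 13400 ]; then
        echo fixed
    elif [ "$n" -ge 11600 ] && [ "$n" -le 13301 ]; then
        echo affected
    else
        # Below 1.16, or between 1.33.1 and 1.34.0: the article makes
        # no statement, so do not guess either way.
        echo not-listed
    fi
}

# Constructed sample banners (not taken from real devices).
while IFS= read -r banner; do
    printf '%-12s %s\n' "$(bb_status "$banner")" "$banner"
done <<'EOF'
BusyBox v1.31.1 (2020-03-01 10:00:00 UTC) multi-call binary.
BusyBox v1.30.1-ubuntu (2019-08-14 09:12:00 UTC) multi-call binary.
BusyBox v1.16 (2010-02-01 08:00:00 UTC) multi-call binary.
BusyBox v1.34.0 (2021-08-20 07:30:00 UTC) multi-call binary.
BusyBox v1.15.3 (2009-12-12 06:00:00 UTC) multi-call binary.
EOF
```

On a live system the banner can be captured from the first line of `busybox --help` output and passed to bb_status as a single argument.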
What is BusyBox?
BusyBox is an open-source utility that combines several standard Unix tools such as cp, ls, grep into a single binary or executable file. BusyBox is generally used by embedded devices like IoT products or ICS (industrial control systems).
Also known as the Swiss Army Knife of Embedded Linux, the tool runs on Linux systems