Article 5RQEV Multiple BusyBox Security Bugs Threaten Embedded Linux Devices

Multiple BusyBox Security Bugs Threaten Embedded Linux Devices

by
janrinok
from SoylentNews on (#5RQEV)

upstart writes:

Multiple BusyBox Security Bugs Threaten Embedded Linux Devices:

Researchers have discovered 14 critical vulnerabilities in a popular program used in embedded Linux applications, all of which allow for denial of service (DoS) and 10 that also enable remote code execution (RCE), they said.

One of the flaws also could allow devices to leak info, according to researchers from JFrog Security and Claroty Research, in a report shared with Threatpost on Tuesday.

The two firms teamed up to take a deeper dive into BusyBox, a software suite used by many of the world's leading operational technology (OT) and internet of things (IoT) devices-such as programmable logic controllers (PLCs), human-machine interfaces (HMIs) and remote terminal units (RTUs). Shachar Menashe, senior director security research for JFrog, partnered with Vera Mens, Uri Katz, Tal Keren and Sharon Brizinov of Claroty Research on the report.

Touted as a "Swiss Army Knife" of embedded Linux, BusyBox is comprised of useful Unix utilities called applets that are packaged as a single executable. The program includes a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep and others.

The discovery of the flaws are significant because of the proliferation of BusyBox not just for the embedded Linux world, but also for numerous Linux applications outside of devices, Menashe said in an email to Threatpost.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments