Wind River Support Network

HomeDefectsLIN9-7056
Fixed

LIN9-7056 : Security Advisory - busybox - CVE-2018-1000500

Created: Jun 29, 2018    Updated: Dec 3, 2018
Resolved Date: Jul 24, 2018
Found In Version: 9.0.0.16
Fix Version: 9.0.0.17
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

Busybox contains a Missing SSL certificate validation vulnerability in The busybox wget applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using busybox wget https://compromised-domain.com/important-file.

https://nvd.nist.gov/vuln/detail/CVE-2018-1000500

Other Downloads


CVEs


Live chat
Online