MDVSA-2012:129 -- Mandriva busyboxID: oval:org.secpod.oval:def:1300110 | Date: (C)2013-01-01 (M)2023-11-09 |
Class: PATCH | Family: unix |
Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service , and possibly execute arbitrary code, via crafted data that leads to a buffer underflow . A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted . Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues.
Platform: |
Mandriva Enterprise Server 5.2 |