MDVSA-2012:129-1 -- Mandriva busyboxID: oval:org.secpod.oval:def:302945 | Date: (C)2012-11-02 (M)2023-11-09 |
Class: PATCH | Family: unix |
Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service , and possibly execute arbitrary code, via crafted data that leads to a buffer underflow . A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted . Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. Update: The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.
Platform: |
Mandriva Linux 2011.0 |