PT-2011-1230 · Busybox+2 · Busybox+2

Tyler Hicks

Publicado

2011-01-04

Atualizado

2025-03-13

CVE-2011-5325

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions BusyBox versions prior to 1.22.0

Description The issue is related to a directory traversal vulnerability in the BusyBox implementation of tar, which allows remote attackers to point to files outside the current working directory via a symlink. This vulnerability is associated with incorrect path name restrictions, enabling a remote attacker to impact data integrity using a symbolic link.

Recommendations For versions prior to 1.22.0, update to version 1.22.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the tar implementation in BusyBox to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

BDU:2021-03339

CVE-2011-5325

DLA-1445-1

DLA-1445-3

DLA-2559-1

OPENSUSE-SU-2021:1408-1

OPENSUSE-SU-2021:3531-1

OPENSUSE-SU-2021_1408-1

OPENSUSE-SU-2021_3531-1

OPENSUSE-SU-2022:0135-1

OPENSUSE-SU-2022_0135-1

OPENSUSE-SU-2022_3959-1

OPENSUSE-SU-2024:11738-1

SUSE-SU-2021:3531-1

SUSE-SU-2021_3531-1

SUSE-SU-2022:0135-1

SUSE-SU-2022:0135-2

SUSE-SU-2022:3959-1

SUSE-SU-2022:4253-1

SUSE-SU-2022_0135-1

SUSE-SU-2022_3959-1

SUSE-SU-2022_4253-1

USN-3935-1

Produtos afetados

Busybox

Suse

Ubuntu

PT-2011-1230 · Busybox+2 · Busybox+2

CVE-2011-5325

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 225