BID:58249

BusyBox Symlink Attack Local Privilege Escalation Vulnerability

Info

BusyBox Symlink Attack Local Privilege Escalation Vulnerability

Bugtraq ID:	58249
Class:	Unknown
CVE:	CVE-2013-1813
Remote:	No
Local:	Yes
Published:	Mar 01 2013 12:00AM
Updated:	Dec 25 2013 04:41AM
Credit:	Michael Tokarev
Vulnerable:	Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Gentoo Linux Avaya Aura Experience Portal 6.0 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700

Not Vulnerable:

Discussion

BusyBox Symlink Attack Local Privilege Escalation Vulnerability

BusyBox is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges on affected computers.

Exploit / POC

BusyBox Symlink Attack Local Privilege Escalation Vulnerability

An attacker uses readily available commands to exploit the issue.

Solution / Fix

BusyBox Symlink Attack Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

BusyBox Symlink Attack Local Privilege Escalation Vulnerability

References:

BusyBox Homepage (BusyBox)