漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries
Vulnerability Description
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
BusyBox 安全漏洞
Vulnerability Description
BusyBox是乌克兰Denis Vlasenko个人开发者的一套包含了多个linux命令和工具的应用程序。 BusyBox存在安全漏洞,该漏洞源于其tar归档提取时未验证硬链接或符号链接条目,可能导致提取恶意归档时修改预期目录外的文件,进而可能权限提升。
CVSS Information
N/A
Vulnerability Type
N/A