1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Major security issues found in top Linux program for embedded dev

    From TechnologyDaily@1337:1/100 to All on Tue Nov 9 14:45:04 2021
    Major security issues found in top Linux program for embedded devices

    Date:
    Tue, 09 Nov 2021 14:30:06 +0000

    Description:
    Researchers find over a dozen vulnerabilities in one of the most popular
    Linux suite of programs for embedded devices.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered 14 critical vulnerabilities in BusyBox, marketed as the Swiss Army Knife of embedded Linux.

    BusyBox is one of the most widely used Linux software suites, and many of the worlds leading operational technology (OT) and Internet of Things (IoT) devices run BusyBox.

    Some of the threats could have resulted in denial of service (DoS) attacks in exploited, and in rarer cases, could also lead to information leaks and possibly remote code execution. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window <<

    These new vulnerabilities that we've disclosed only manifest in specific cases, but could be extremely problematic when exploitable. The proliferation of BusyBox makes this an issue that needs to be addressed by security teams, the team noted. Assessing the damage

    To assess the threat level posed by these vulnerabilities, the researchers inspected JFrog's database of more than 10,000 publicly-available embedded firmware images.

    Their experiment revealed that 40% of the images contained a BusyBox executable file that was linked with one of the affected applets, leading
    them to conclude that the vulnerabilities are extremely widespread among Linux-based embedded firmware.

    That said, the researchers shared several reasons that lead them to believe that the discovered vulnerabilities would likely not pose a critical security threat.

    For starters, the researchers say that even though the DoS vulnerabilities
    are trivial to exploit, their impact can usually be mitigated by the fact
    that the affected applets almost always run as a separate forked process.

    Similarly, the use-after-free vulnerabilities may be exploitable for remote code execution, but the researchers didnt not attempt to create a weaponized exploit for them. Finally, the information leak vulnerability is nontrivial
    to exploit.

    The researchers note that all 14 vulnerabilities have been fixed in BusyBox 1.34.0 as they urge companies to upgrade their BusyBox deployments, or at least ensure that they arent using any of the affected applets.

    Prevent information leaks with the help of one of these best firewall apps and services, and ensure your computers are running these best endpoint protection tools to add another layer of defense against cyber-attacks.



    ======================================================================
    Link to news story: https://www.techradar.com/news/major-security-issues-found-in-top-linux-progra m-for-embedded-devices/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)