Vulnerability in Busybox
CVE-2013-1813
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to cause an unknown impact via unknown attack vectors.
EPSS: 0.001 (26.1th percentile)
Affected products
- Busybox — versions 0.38, 0.39, 0.40
- T-mobile Tm-ac1900 — versions 3.0.0.4.376_3169
- Redhat Enterprise_linux — versions 6.0
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2013:1732 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- [busybox] 20130722 1.21.0 is released (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (mailing-list, x_refsource_FULLDISC)
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (mailing-list, x_refsource_BUGTRAQ)
- secalert@redhat.com (x_refsource_MISC)
- 20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client (mailing-list, x_refsource_FULLDISC)
- 20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S (mailing-list, x_refsource_FULLDISC)