Vigil@nce - BusyBox: buffer overflow of httpd
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow in the httpd service of
BusyBox, in order to trigger a denial of service, and possibly to
run code.
Impacted products: BusyBox.
Severity: 2/4.
Creation date: 26/10/2015.
DESCRIPTION OF THE VULNERABILITY
The BusyBox product offers a web service.
The send_headers() function of the networking/httpd.c file sends
HTTP headers. However, when this function builds an HTTP code 302
redirection reply, it uses the sprintf() function without checking
the size of the storage array, so an overflow occurs.
An attacker can therefore generate a buffer overflow in the httpd
service of BusyBox, in order to trigger a denial of service, and
possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/BusyBox-buffer-overflow-of-httpd-18177