Cybersecurity (opens in new tab) researchers have discovered 14 critical vulnerabilities in BusyBox, marketed as the Swiss Army Knife of embedded Linux.
BusyBox is one of the most widely used Linux (opens in new tab) software suites, and many of the world’s leading operational technology (OT) and Internet of Things (IoT) (opens in new tab) devices run BusyBox.
Some of the threats could have resulted in denial of service (DoS) attacks in exploited, and in rarer cases, could also lead to information leaks and possibly remote code execution.
“These new vulnerabilities that we've disclosed only manifest in specific cases, but could be extremely problematic when exploitable. The proliferation of BusyBox makes this an issue that needs to be addressed by security teams,” the team noted.
Assessing the damage
To assess the threat level posed by these vulnerabilities, the researchers inspected JFrog's database of more than 10,000 publicly-available embedded firmware images.
Their experiment revealed that 40% of the images contained a BusyBox executable file that was linked with one of the affected applets, leading them to conclude that the vulnerabilities are extremely widespread among Linux-based embedded firmware.
That said, the researchers shared several reasons (opens in new tab) that lead them to believe that the discovered vulnerabilities would likely not pose a critical security threat.
For starters, the researchers say that even though the DoS vulnerabilities are trivial to exploit, their impact can usually be mitigated by the fact that the affected applets almost always run as a separate forked process.
Similarly, the use-after-free vulnerabilities may be exploitable for remote code execution, but the researchers didn’t not attempt to create a weaponized exploit for them. Finally, the information leak vulnerability is nontrivial to exploit.
The researchers note that all 14 vulnerabilities have been fixed in BusyBox 1.34.0 as they urge companies to upgrade their BusyBox deployments, or at least ensure that they aren’t using any of the affected applets.
Prevent information leaks with the help of one of these best firewall (opens in new tab) apps and services, and ensure your computers are running these best endpoint protection tools (opens in new tab) to add another layer of defense against cyber-attacks.