UBUNTU-CVE-2017-16544

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2017-16544
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-16544.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-16544
Related
Published
2017-11-20T00:00:00Z
Modified
2025-06-10T15:28:07Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

References

Affected packages

Ubuntu:14.04:LTS / busybox

Package

Name
busybox
Purl
pkg:deb/ubuntu/busybox@1:1.21.0-1ubuntu1.4?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.21.0-1ubuntu1.4

Affected versions

1:1.*

1:1.20.0-8.1ubuntu1
1:1.20.0-9ubuntu1
1:1.20.0-9ubuntu2
1:1.21.0-1ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "busybox",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-dbgsym",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-initramfs",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-initramfs-dbgsym",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-static",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-static-dbgsym",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-syslogd",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-udeb",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "busybox-udeb-dbgsym",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "udhcpc",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        },
        {
            "binary_name": "udhcpd",
            "binary_version": "1:1.21.0-1ubuntu1.4"
        }
    ]
}

Ubuntu:16.04:LTS / busybox

Package

Name
busybox
Purl
pkg:deb/ubuntu/busybox@1:1.22.0-15ubuntu1.4?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.22.0-15ubuntu1.4

Affected versions

1:1.*

1:1.22.0-15ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "busybox",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-dbgsym",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-initramfs",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-initramfs-dbgsym",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-static",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-static-dbgsym",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-syslogd",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-udeb",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "busybox-udeb-dbgsym",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "udhcpc",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        },
        {
            "binary_name": "udhcpd",
            "binary_version": "1:1.22.0-15ubuntu1.4"
        }
    ]
}

Ubuntu:18.04:LTS / busybox

Package

Name
busybox
Purl
pkg:deb/ubuntu/busybox@1:1.27.2-1ubuntu4?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.27.2-1ubuntu4

Affected versions

1:1.*

1:1.22.0-19ubuntu2
1:1.27.2-1ubuntu3

Ecosystem specific 

{
    "ubuntu_priority": "medium",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "busybox",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "busybox-dbgsym",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "busybox-initramfs",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "busybox-initramfs-dbgsym",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "busybox-static",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "busybox-static-dbgsym",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "busybox-syslogd",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "busybox-udeb",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "udhcpc",
            "binary_version": "1:1.27.2-1ubuntu4"
        },
        {
            "binary_name": "udhcpd",
            "binary_version": "1:1.27.2-1ubuntu4"
        }
    ]
}