cve/2017/CVE-2017-16544.md

### [CVE-2017-16544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

### POC

#### Reference
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://seclists.org/fulldisclosure/2019/Jun/18
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://seclists.org/fulldisclosure/2020/Aug/20
- http://seclists.org/fulldisclosure/2020/Mar/15
- http://seclists.org/fulldisclosure/2020/Sep/6
- http://seclists.org/fulldisclosure/2021/Aug/21
- http://seclists.org/fulldisclosure/2021/Jan/39
- http://seclists.org/fulldisclosure/2022/Jun/36
- https://seclists.org/bugtraq/2019/Jun/14
- https://seclists.org/bugtraq/2019/Sep/7

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Live-Hack-CVE/CVE-2017-16544
- https://github.com/lnick2023/nicenice
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-16544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html`
			`- http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html`
			`- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html`
			`- http://seclists.org/fulldisclosure/2019/Jun/18`
			`- http://seclists.org/fulldisclosure/2019/Sep/7`
			`- http://seclists.org/fulldisclosure/2020/Aug/20`
			`- http://seclists.org/fulldisclosure/2020/Mar/15`
			`- http://seclists.org/fulldisclosure/2020/Sep/6`
			`- http://seclists.org/fulldisclosure/2021/Aug/21`
			`- http://seclists.org/fulldisclosure/2021/Jan/39`
			`- http://seclists.org/fulldisclosure/2022/Jun/36`
			`- https://seclists.org/bugtraq/2019/Jun/14`
			`- https://seclists.org/bugtraq/2019/Sep/7`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Live-Hack-CVE/CVE-2017-16544`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`