Vulnerabilities in Buildroot that allow code execution on the build server through a MITM attack
In the Buildroot build system, aimed at creating bootable Linux environments for embedded systems, six vulnerabilities have been identified that allow, during the interception of transit traffic (MITM), to make changes to the generated system images or organize code execution at the build system level. The vulnerabilities have been addressed in Buildroot releases 2023.02.8, 2023.08.4, and 2023.11. The first five vulnerabilities (CVE-2023-45841, CVE-2023-45842, CVE-2023-45838, CVE-2023-45839, CVE-2023-45840) affect […]