ID |
CVE-2017-12836
|
Summary |
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:gnu:cvs:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.1:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.3:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.5:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.6:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.7:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.9:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.10:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.11:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.12:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:cvs:1.12.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:cvs:1.12.13:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.1 (as of 03-10-2019 - 00:03) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 100279 | debian | DSA-3940 | gentoo | GLSA-201709-17 | misc | https://bugzilla.redhat.com/show_bug.cgi?id=1480800 | mlist | - [bug-cvs] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)
- [oss-security] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)
- [oss-security] 20170811 Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)
| ubuntu | USN-3399-1 |
|
Last major update |
03-10-2019 - 00:03 |
Published |
24-08-2017 - 14:29 |
Last modified |
03-10-2019 - 00:03 |