CVE-2017-14176

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1058214 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1486685 Issue Tracking Patch Third Party Advisory
https://bugs.launchpad.net/bzr/+bug/1710979 Issue Tracking Third Party Advisory
https://bugs.debian.org/874429 Issue Tracking Third Party Advisory
http://www.ubuntu.com/usn/usn-3411-1 Issue Tracking Vendor Advisory
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html Issue Tracking Vendor Advisory
https://www.debian.org/security/2017/dsa-4052 Issue Tracking Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 3 (hide)

cpe:2.3:a:canonical:bazaar:*:*:*:*:*:*:*:*

Information

Published : 2017-11-27 02:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-14176

Mitre link : CVE-2017-14176


JSON object : View

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux
  • bazaar