transmission: rpc session-id mechanism design flaw results in RCE

Related Vulnerabilities: CVE-2018-5702  

Debian Bug report logs - #886990


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 12 Jan 2018 10:21:01 UTC

Severity: grave

Tags: security, upstream

Found in versions transmission/2.84-0.2, transmission/2.92-2

Fixed in versions transmission/2.84-0.2+deb8u1, transmission/2.92-2+deb9u1, transmission/2.92-3

Done: Sandro Tosi <morph@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/transmission/transmission/pull/468



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sandro Tosi <morph@debian.org>:
Bug#886990; Package src:transmission. (Fri, 12 Jan 2018 10:21:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sandro Tosi <morph@debian.org>. (Fri, 12 Jan 2018 10:21:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: transmission: rpc session-id mechanism design flaw results in RCE
Date: Fri, 12 Jan 2018 11:16:10 +0100
Source: transmission
Version: 2.92-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/transmission/transmission/pull/468

Hi

See the post on oss-security for details:
http://www.openwall.com/lists/oss-security/2018/01/11/1

Upstream: https://github.com/transmission/transmission/pull/468

Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff

Regards,
Salvatore



Marked as found in versions transmission/2.84-0.2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 12 Jan 2018 19:27:03 GMT)


Marked as fixed in versions transmission/2.92-2+deb9u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 13 Jan 2018 10:09:03 GMT)


Marked as fixed in versions transmission/2.84-0.2+deb8u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 13 Jan 2018 12:51:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Sandro Tosi <morph@debian.org>:
Bug#886990; Package src:transmission. (Sun, 14 Jan 2018 18:03:06 GMT)


Acknowledgement sent to Abhijith PA <abhijith@openmailbox.org>:
Extra info received and forwarded to list. Copy sent to Sandro Tosi <morph@debian.org>. (Sun, 14 Jan 2018 18:03:06 GMT)


Message #16 received at 886990@bugs.debian.org:

From: Abhijith PA <abhijith@openmailbox.org>
To: 886990@bugs.debian.org
Subject: Re: transmission: rpc session-id mechanism design flaw results in RCE
Date: Sun, 14 Jan 2018 23:20:39 +0530
Hello.

Why doesn't this vulnerability have a CVE id? The security-tracker[1]
shows a temporary id.

--
Abhijith



Information forwarded to debian-bugs-dist@lists.debian.org, Sandro Tosi <morph@debian.org>:
Bug#886990; Package src:transmission. (Wed, 17 Jan 2018 13:21:03 GMT)


Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and forwarded to list. Copy sent to Sandro Tosi <morph@debian.org>. (Wed, 17 Jan 2018 13:21:03 GMT)


Message #21 received at 886990@bugs.debian.org:

From: Vincent Lefevre <vincent@vinc17.net>
To: Abhijith PA <abhijith@openmailbox.org>, 886990@bugs.debian.org
Subject: Re: Bug#886990: transmission: rpc session-id mechanism design flaw results in RCE
Date: Wed, 17 Jan 2018 14:17:59 +0100
On 2018-01-14 23:20:39 +0530, Abhijith PA wrote:
> Why doesn't this vulnerability have a CVE id? The security-tracker[1]
> shows a temporary id.

This is CVE-2018-5702:

  https://security-tracker.debian.org/tracker/CVE-2018-5702

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Reply sent to Sandro Tosi <morph@debian.org>:
You have taken responsibility. (Fri, 19 Jan 2018 05:09:13 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 19 Jan 2018 05:09:13 GMT)


Message #26 received at 886990-close@bugs.debian.org:

From: Sandro Tosi <morph@debian.org>
To: 886990-close@bugs.debian.org
Subject: Bug#886990: fixed in transmission 2.92-3
Date: Fri, 19 Jan 2018 05:04:51 +0000
Source: transmission
Source-Version: 2.92-3

We believe that the bug you reported is fixed in the latest version of
transmission, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886990@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi <morph@debian.org> (supplier of updated transmission package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 18 Jan 2018 23:34:22 -0500
Source: transmission
Binary: transmission transmission-common transmission-cli transmission-gtk transmission-qt transmission-daemon
Architecture: source amd64 all
Version: 2.92-3
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi <morph@debian.org>
Changed-By: Sandro Tosi <morph@debian.org>
Description:
 transmission - lightweight BitTorrent client
 transmission-cli - lightweight BitTorrent client (command line programs)
 transmission-common - lightweight BitTorrent client (common files)
 transmission-daemon - lightweight BitTorrent client (daemon)
 transmission-gtk - lightweight BitTorrent client (GTK+ interface)
 transmission-qt - lightweight BitTorrent client (Qt interface)
Closes: 771164 885151 886990
Changes:
 transmission (2.92-3) unstable; urgency=medium
 .
   * debian/patches/transmission-fix-dns-rebinding-vuln.patch
     - fix RCE execution via dns rebinding attack; fixes CVE-2018-5702;
       Closes: #886990
   * debian/patches/bts885151_fix_ftcbfs_ac_run_ifelse.patch
     - fix a FTCBFS due to use of AC_RUN_IFELSE; Closes: #885151
   * debian/{rules, transmission-qt.install}
     - fix translation load in Qt frontend; patch by Rohan Garg; Closes: #771164
   * debian/control
     - bump Standards-Version to 4.1.3 (no changes needed)
     - update versioned b-d on debhelper, so that we can drop dh-systemd
   * debian/copyright
     - extend packaging copyright years




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Mar 2018 07:30:03 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:04:11 2019; Machine Name: buxtehude
