CVE-2017-14176

Published: 27/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Bazaar up to and including 2.7.0, when Subprocess SSH is used, allows remote malicious users to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

Vulnerable Product

debian debian linux 9.0

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 17.04

canonical ubuntu linux 14.04

canonical bazaar

Vendor Advisories

Debian Bug report logs - #874429 bzr: CVE-2017-14176: bzr+ssh URLs don't strip SSH options Package: src:bzr; Maintainer for src:bzr is Debian Bazaar Maintainers <pkg-bazaar-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 6 Sep 2017 04:39:01 UTC Severity: grave Tags: s ...
Bazaar could be made to run programs as your login if it opened a specially crafted URL ...
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117 ...
Severity Unknown Remote Unknown Type Unknown Description AVG-1089 bzr 2.7.0-3 Unknown Vulnerable FS#65227 ...