CVE-2017-15924

Published: 27/10/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 643
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.

Affected Products

Vendor | Product | Versions
Shadowsocks | Shadowsocks-libev | 1.3, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0
Debian | Debian Linux | 9.2

Vendor Advisories

Arch Linux Security Advisory ASA-201711-40
==========================================
Severity: High
Date    : 2017-11-30
CVE-ID  : CVE-2017-15924
Package : shadowsocks-libev
Type    : arbitrary command execution
Remote  : No
Link    : security.archlinux.org/AVG-474

Summary
=======
The package shadowsocks-libev before version 3.1.1-1 is ...

In manager.c in ss-manager in shadowsocks-libev before 3.1.1, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions ...

Github Repositories

shadowsocks. shadowsocks-libev version: 3.2.3; kcptun version: 20190109. Usage: docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0.0.0.0 -p 6443 -m chacha20 -k test123 --fast-open" Supported options: -m : specifies the shadowsocks command, default ss-server; -s : shadowsocks-libev argument string; -x : enables kcptun support; -e : specifies the kcptun command, default kcpse

fork from mritd/dockerfile/shadowsocks. shadowsocks. shadowsocks-libev version: 3.2.0; kcptun version: 20180810. Usage: docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0.0.0.0 -p 6443 -m chacha20 -k test123 --fast-open" Supported options: -m : specifies the shadowsocks command, default ss-server; -s : shadowsocks-libev argument string; -x : enables kcptun support

shadowsocks. shadowsocks-libev version: 3.2.4; kcptun version: 20190109. Usage: docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0.0.0.0 -p 6443 -m chacha20 -k test123 --fast-open" Supported options: -m : specifies the shadowsocks command, default ss-server; -s : shadowsocks-libev argument string; -x : enables kcptun support; -e : specifies the kcptun command, default

Failed for no enough permission to run entrypoint.sh on os. Origin from mritd/dockerfile/shadowsocks. shadowsocks. shadowsocks-libev version: 3.2.1; kcptun version: 20181114. Usage: docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0.0.0.0 -p 6443 -m chacha20 -k test123 --fast-open" Supported options: -m : specifies the shadowsocks command, default ss-server; -s

Nix Issue Database Example. This repository is an example output of a tool that I have been tinkering with for some time now. This repository aims to provide the following properties without introducing the need for a "proper" database: The files and the output should be parsable using standard shell utilities. Tools that ease the usage and/or provide aggregated outputs