Published: 27/10/2017 Updated: 03/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 643

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
shadowsocks shadowsocks-libev 3.0.3
shadowsocks shadowsocks-libev 3.0.2
shadowsocks shadowsocks-libev 3.0.1
shadowsocks shadowsocks-libev 3.0.0
shadowsocks shadowsocks-libev 2.6.3
shadowsocks shadowsocks-libev 2.4.6
shadowsocks shadowsocks-libev 2.4.5
shadowsocks shadowsocks-libev 2.4.4
shadowsocks shadowsocks-libev 2.4.3
shadowsocks shadowsocks-libev 2.1.2
shadowsocks shadowsocks-libev 2.1.1
shadowsocks shadowsocks-libev 2.1.0
shadowsocks shadowsocks-libev 2.0.8
shadowsocks shadowsocks-libev 1.5.1
shadowsocks shadowsocks-libev 1.5.0
shadowsocks shadowsocks-libev 1.4.8
shadowsocks shadowsocks-libev 1.4.7
shadowsocks shadowsocks-libev 3.0.8
shadowsocks shadowsocks-libev 2.5.5
shadowsocks shadowsocks-libev 2.5.4
shadowsocks shadowsocks-libev 2.5.3
shadowsocks shadowsocks-libev 2.5.2
shadowsocks shadowsocks-libev 2.3.1
shadowsocks shadowsocks-libev 2.3.0
shadowsocks shadowsocks-libev 2.2.3
shadowsocks shadowsocks-libev 2.2.2
shadowsocks shadowsocks-libev 2.0.3
shadowsocks shadowsocks-libev 2.0.2
shadowsocks shadowsocks-libev 2.0.1
shadowsocks shadowsocks-libev 1.6.4
shadowsocks shadowsocks-libev 1.4.2
shadowsocks shadowsocks-libev 1.4.1
shadowsocks shadowsocks-libev 1.4.0
shadowsocks shadowsocks-libev 1.3.2
shadowsocks shadowsocks-libev 3.0.7
shadowsocks shadowsocks-libev 3.0.5
shadowsocks shadowsocks-libev 2.6.2
shadowsocks shadowsocks-libev 2.6.0
shadowsocks shadowsocks-libev 2.5.0
shadowsocks shadowsocks-libev 2.4.7
shadowsocks shadowsocks-libev 2.4.2
shadowsocks shadowsocks-libev 2.4.0
shadowsocks shadowsocks-libev 2.3.2
shadowsocks shadowsocks-libev 2.2.1
shadowsocks shadowsocks-libev 2.1.4
shadowsocks shadowsocks-libev 2.0.6
shadowsocks shadowsocks-libev 2.0.4
shadowsocks shadowsocks-libev 1.6.3
shadowsocks shadowsocks-libev 1.6.1
shadowsocks shadowsocks-libev 1.5.2
shadowsocks shadowsocks-libev 1.4.6
shadowsocks shadowsocks-libev 1.4.4
shadowsocks shadowsocks-libev 3.1.0
shadowsocks shadowsocks-libev 3.0.6
shadowsocks shadowsocks-libev 3.0.4
shadowsocks shadowsocks-libev 2.6.1
shadowsocks shadowsocks-libev 2.5.6
shadowsocks shadowsocks-libev 2.5.1
shadowsocks shadowsocks-libev 2.4.8
shadowsocks shadowsocks-libev 2.4.1
shadowsocks shadowsocks-libev 2.3.3
shadowsocks shadowsocks-libev 2.2.0
shadowsocks shadowsocks-libev 2.1.3
shadowsocks shadowsocks-libev 2.0.7
shadowsocks shadowsocks-libev 2.0.5
shadowsocks shadowsocks-libev 1.6.2
shadowsocks shadowsocks-libev 1.5.3
shadowsocks shadowsocks-libev 1.4.5
shadowsocks shadowsocks-libev 1.4.3
shadowsocks shadowsocks-libev 1.3
debian debian linux 9.2

In managerc in ss-manager in shadowsocks-libev before 311, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127001 UDP traffic, related to the add_server, build_config, and construct_command_line functions ...

fork from mritd/dockerfile/shadowsocks shadowsocks shadowsocks-libev 版本: 320 kcptun 版本: 20180810 打开姿势 docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0000 -p 6443 -m chacha20 -k test123 --fast-open" 支持选项 -m : 指定 shadowsocks 命令，默认为 ss-server -s : shadowsocks-libev �

shadowsocks shadowsocks-libev 版本: 323 kcptun 版本: 20190109 打开姿势 docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0000 -p 6443 -m chacha20 -k test123 --fast-open" 支持选项 -m : 指定 shadowsocks 命令，默认为 ss-server -s : shadowsocks-libev 参数字符串 -x : 开启 kcptun 支�

fd

shadowsocks shadowsocks-libev 版本: 323 kcptun 版本: 20190109 打开姿势 docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0000 -p 6443 -m chacha20 -k test123 --fast-open" 支持选项 -m : 指定 shadowsocks 命令，默认为 ss-server -s : shadowsocks-libev 参数字符串 -x : 开启 kcptun 支持 -e : 指定 kcptun 命令，默认为 kcpse

shadowsocks shadowsocks-libev 版本: 334 kcptun 版本: 20200409 注意: 由于 Docker Hub 自动构建功能最近出现的 Bug 比较多，构建队列缓慢；部分镜像(包含本镜像)可能会在采用本地 Build 然后直接 push 到远程仓库的方式构建；如有安全疑虑，可自行使用本 Dockerfile 构建打开姿势 docker run -dt --name ss -p

try to deploy shadowsocks to open shift . from mritd/dockerfile/shadowsocks

Failed for no enough permission to run entrypointsh on os origin from mritd/dockerfile/shadowsocks shadowsocks shadowsocks-libev 版本: 321 kcptun 版本: 20181114 打开姿势 docker run -dt --name ss -p 6443:6443 mritd/shadowsocks -s "-s 0000 -p 6443 -m chacha20 -k test123 --fast-open" 支持选项 -m : 指定 shad

在 mritd/shadowsocks 的基础上增加了polipo 和 squid 支持 polipo 将ss的socks5代理转为http代理 squid 本地http代理在 mritd/shadowsocks 的基础上增加了privoxy支持 provoxy 将ss的socks5代理转为http代理，1支持PAC模式，2支持全局模式，3支持仅本地不走ss代理模式 PAC模式 PAC模式基于：githubcom/yueyangl

CWE-78 https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/https://github.com/shadowsocks/shadowsocks-libev/issues/1734 https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275803dc6ea22c558d06b1f7ba9f94cd8de3 http://openwall.com/lists/oss-security/2017/10/13/2 http://www.debian.org/security/2017/dsa-4009 https://nvd.nist.gov https://github.com/zhanglc/shadowsocks https://github.com/201755110121/kcp https://security.archlinux.org/CVE-2017-15924

CVE-2017-15924

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect