Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-5702

Published: 15/01/2018 Updated: 03/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Transmissionbt

Vulnerability Summary

Transmission up to and including 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote malicious users to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

Vulnerable Product Search on Vulmon Subscribe to Product

transmissionbt transmission

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian CVElist Bug Report Logs: transmission: rpc session-id mechanism design flaw results in RCE
Debian Bug report logs - #886990 transmission: rpc session-id mechanism design flaw results in RCE Package: src:transmission; Maintainer for src:transmission is Sandro Tosi <morph@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 12 Jan 2018 10:21:01 UTC Severity: grave Tags: security, ups ...
Ubuntu Security Notice: transmission vulnerability
Transmission could be made to run arbitraty code ...
Debian Security Advisories: DSA-4087-1 transmission -- security update
Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running For the oldstable distribution (jessie), this problem has been fixed in ve ...
Amazon Linux AMI: ALAS-2018-950
Transmission relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack (CVE-2018-5702) ...
Arch Linux Issues:
The transmission-daemon in Transmission before 293 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack ...

Exploits

Exploit DB: Transmission - RPC DNS Rebinding
The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc Clients interact with the daemon using JSON RPC requests to a web server listening on port 9091 By default, the daemon will only accept requests from localhost A sampl ...

References

NVD-CWE-noinfohttps://twitter.com/taviso/status/951526615145566208https://github.com/transmission/transmission/pull/468https://bugs.chromium.org/p/project-zero/issues/detail?id=1447https://www.debian.org/security/2018/dsa-4087https://www.exploit-db.com/exploits/43665/https://lists.debian.org/debian-lts-announce/2018/01/msg00020.htmlhttps://security.gentoo.org/glsa/201806-07https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886990https://usn.ubuntu.com/3533-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/43665/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook