Lucene search
PRIOn knowledge basePRION:CVE-2017-12836HistoryAug 24, 2017 - 2:29 p.m.
Design/Logic Flaw
2017-08-2414:29:00
PRIOn knowledge base
www.prio-n.com
7
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by “-oProxyCommand=id;localhost:/bar.”
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 17.04 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 9.0 | |
| cvs | eq | 1.12.10 | |
| cvs | eq | 1.12.7 | |
| cvs | eq | 1.12.9 | |
| cvs | eq | 1.12.11 | |
| cvs | eq | 1.12.13 |
References
lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html
www.debian.org/security/2017/dsa-3940
www.openwall.com/lists/oss-security/2017/08/11/1
www.openwall.com/lists/oss-security/2017/08/11/4
www.securityfocus.com/bid/100279
www.ubuntu.com/usn/USN-3399-1
bugzilla.redhat.com/show_bug.cgi?id=1480800
security.gentoo.org/glsa/201709-17
Related
fedora
fedora
[SECURITY] Fedora 25 Update: cvs-1.11.23-41.fc25
2017-08-29 20:25:52
[SECURITY] Fedora 26 Update: cvs-1.11.23-42.fc26
2017-08-29 15:20:16
openvas
openvas
Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2021-1467)
2021-03-05 00:00:00
Mageia: Security Advisory (MGASA-2017-0284)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-1056-1)
2018-02-06 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-08-06 21:38:56
Arbitrary Command Execution
2017-10-30 00:47:04
osv
osv
cvs - security update
2017-08-13 00:00:00
CVE-2017-12836
2017-08-24 14:29:00
cvs - security update
2017-08-13 00:00:00
nessus
nessus
Debian DLA-1056-1 : cvs security update
2017-08-14 00:00:00
Debian DSA-3940-1 : cvs - security update
2017-08-14 00:00:00
Fedora 25 : cvs (2017-97eb475d93)
2017-08-30 00:00:00
redhatcve
redhatcve
debian
debian
[SECURITY] [DSA 3940-1] cvs security update
2017-08-13 09:10:34
[SECURITY] [DLA 1056-1] cvs security update
2017-08-13 18:28:05
[SECURITY] [DSA 3940-1] cvs security update
2017-08-13 09:10:34
ubuntucve
ubuntucve
cve
cve
freebsd
freebsd
cvs -- Remote code execution via ssh command injection
2017-08-10 00:00:00
gentoo
gentoo
CVS: Command injection
2017-09-24 00:00:00
alpinelinux
alpinelinux
CVE-2017-12836
2017-08-24 14:29:00
nvd
nvd
debiancve
debiancve
mageia
mageia
Updated cvs package fixes security vulnerability
2017-08-19 13:16:28
ubuntu
ubuntu
cvs vulnerability
2017-08-21 00:00:00
cvelist
cvelist
prion
prion
Sql injection
2017-08-20 20:29:00
Design/Logic Flaw
2017-10-29 20:29:00
Design/Logic Flaw
2017-11-27 10:29:00
github
github
Dulwich RCE Vulnerability
2022-05-13 01:44:04