PRIOn knowledge basePRION:CVE-2017-14176

HistoryNov 27, 2017 - 10:29 a.m.

Design/Logic Flaw

2017-11-2710:29:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.552 Medium

EPSS

Percentile

97.7%

JSON

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

CPENameOperatorVersion
bazaarle2.7.0
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq17.04
debian_linuxeq8.0
debian_linuxeq9.0

Name	Operator	Version
bazaar	le	2.7.0
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	17.04
debian_linux	eq	8.0
debian_linux	eq	9.0

References

people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html

www.ubuntu.com/usn/usn-3411-1

bugs.debian.org/874429

bugs.launchpad.net/bzr/+bug/1710979

bugzilla.redhat.com/show_bug.cgi?id=1486685

bugzilla.suse.com/show_bug.cgi?id=1058214

www.debian.org/security/2017/dsa-4052

nessus

EulerOS 2.0 SP2 : bzr (EulerOS-SA-2021-1283)

2021-02-22 00:00:00

EulerOS 2.0 SP5 : bzr (EulerOS-SA-2021-1180)

2021-02-04 00:00:00

EulerOS 2.0 SP3 : bzr (EulerOS-SA-2021-1060)

2021-01-20 00:00:00

openvas

Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1180)

2021-02-05 00:00:00

Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1283)

2021-02-22 00:00:00

Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1060)

2021-01-19 00:00:00

nvd

CVE-2017-14176

2017-11-27 10:29:00

CVE-2017-17459

2017-12-07 18:29:00

CVE-2017-16228

2017-10-29 20:29:00

cvelist

CVE-2017-14176

2017-11-27 10:00:00

CVE-2017-16228

2017-10-29 20:00:00

CVE-2017-17459

2017-12-07 18:00:00

ubuntucve

CVE-2017-14176

2017-09-05 00:00:00

CVE-2017-17459

2017-12-07 00:00:00

CVE-2017-16228

2017-10-29 00:00:00

cve

CVE-2017-14176

2017-11-27 10:29:00

CVE-2017-17459

2017-12-07 18:29:00

CVE-2017-16228

2017-10-29 20:29:00

redhatcve

CVE-2017-14176

2017-09-12 07:48:25

CVE-2017-16228

2017-11-03 14:19:26

CVE-2017-12836

2017-08-11 22:48:33

debiancve

CVE-2017-14176

2017-11-27 10:29:00

CVE-2017-16228

2017-10-29 20:29:00

CVE-2017-17459

2017-12-07 18:29:00

osv

CVE-2017-16228

2017-10-29 20:29:00

PYSEC-2017-12

2017-10-29 20:29:00

Dulwich RCE Vulnerability

2022-05-13 01:44:04

veracode

Arbitrary Command Execution

2017-10-30 00:47:04

Arbitrary Code Execution

2020-12-06 03:43:56

Arbitrary Code Execution

2020-08-06 21:38:56

prion

Design/Logic Flaw

2017-10-29 20:29:00

Design/Logic Flaw

2017-12-07 18:29:00

Sql injection

2017-08-20 20:29:00

github

Dulwich RCE Vulnerability

2022-05-13 01:44:04

Mercurial is vulnerable to shell injection attack

2022-05-13 01:40:56

debian

[SECURITY] [DLA 1144-1] git-annex security update

2017-10-27 15:29:08

[SECURITY] [DLA 1495-1] git-annex security update

2018-09-05 19:28:50

[SECURITY] [DLA 1072-1] mercurial security update

2017-08-31 11:57:25

hackerone

Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS

2017-08-14 20:53:18

archlinux

[ASA-201708-7] mercurial: multiple issues

2017-08-12 00:00:00

[ASA-201708-6] git: arbitrary command execution

2017-08-12 00:00:00

freebsd

Mercurial -- multiple vulnerabilities

2017-08-10 00:00:00

cvs -- Remote code execution via ssh command injection

2017-08-10 00:00:00

myhack58

More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

2017-08-11 00:00:00

ubuntu

Bazaar vulnerability

2017-10-24 00:00:00

cvs vulnerability

2017-08-21 00:00:00

Git vulnerability

2017-08-11 00:00:00

cbl_mariner

CVE-2017-14176 affecting package bzr 2.7.0-

2024-07-01 09:08:31

fedora

[SECURITY] Fedora 25 Update: cvs-1.11.23-41.fc25

2017-08-29 20:25:52

[SECURITY] Fedora 26 Update: cvs-1.11.23-42.fc26

2017-08-29 15:20:16

[SECURITY] Fedora 25 Update: git-2.9.5-1.fc25

2017-08-14 00:56:27

gentoo

CVS: Command injection

2017-09-24 00:00:00

Git: Command injection

2017-09-17 00:00:00

alpinelinux

CVE-2017-12836

2017-08-24 14:29:00

CVE-2017-1000117

2017-10-05 01:29:04

CVE-2017-1000116

2017-10-05 01:29:04

mageia

Updated cvs package fixes security vulnerability

2017-08-19 13:16:28

Updated git packages fix security vulnerability

2017-08-14 01:19:29

Updated python-dulwich packages fix security vulnerability

2018-11-12 00:39:12

suse

Security update for python-dulwich (moderate)

2018-08-06 15:16:15

Security update for git (important)

2017-08-17 00:08:53

Security update for git (important)

2017-08-21 18:07:57

cloudfoundry

USN-3387-1: Git vulnerability | Cloud Foundry

2017-08-17 00:00:00

checkpoint_advisories

Git ssh URL Processing Command Execution (CVE-2017-1000117)

2018-05-02 00:00:00

slackware

[slackware-security] git

2017-08-11 23:10:53

centos

emacs, git, gitk, gitweb, perl security update

2017-08-17 10:26:34

emacs, git, gitk, gitweb, perl security update

2017-08-24 09:43:50

redhat

(RHSA-2017:2485) Important: git security update

2017-08-16 21:46:48

(RHSA-2017:2484) Important: git security update

2017-08-16 21:46:19

oraclelinux

git security update

2017-08-17 00:00:00

packetstorm

Malicious GIT HTTP Server

2017-08-30 00:00:00

amazon

Important: git

2017-08-31 16:00:00

Design/Logic Flaw

References

Related