btrbk is vulnerable to remote code execution. The vulnerability exists due to the mishandling of remote hosts that filter SSH commands using ssh_filter_btrbk.sh in authorized_keys.
CPE Name | Operator | Version
---|---|---
btrbk:sid | eq | 0.27.1-1.1
btrbk:sid | eq | 0.27.1-1
btrbk:bullseye | eq | 0.27.1-1
github.com/digint/btrbk/blob/master/ChangeLog
github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584
lists.debian.org/debian-lts-announce/2021/09/msg00002.html
lists.fedoraproject.org/archives/list/[email protected]/message/BP2T32JMENJFRP2HWXR7FTTZVRTTPECL/
lists.fedoraproject.org/archives/list/[email protected]/message/LM7GLTUN5YS4KE2RNBX732EAMVVGNEX3/
security-tracker.debian.org/tracker/CVE-2021-38173