Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
References
Link | Resource |
---|---|
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html | Issue Tracking Vendor Advisory |
http://www.ubuntu.com/usn/usn-3411-1 | Issue Tracking Vendor Advisory |
https://bugs.debian.org/874429 | Issue Tracking Third Party Advisory |
https://bugs.launchpad.net/bzr/+bug/1710979 | Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1486685 | Issue Tracking Patch Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1058214 | Issue Tracking Third Party Advisory |
https://www.debian.org/security/2017/dsa-4052 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2017-11-27T10:00:00
Updated: 2017-11-30T10:57:01
Reserved: 2017-09-07T00:00:00
Link: CVE-2017-14176
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-27T10:29:00.207
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-14176
JSON object: View
Redhat Information
No data.
CWE