CVE-2017-14176 : Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to ex

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

Published 2017-11-27 10:29:00

Updated 2019-10-03 00:03:26

Source Canonical Ltd.

View at NVD, CVE.org

Products affected by CVE-2017-14176

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.04
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
Matching versions
Canonical » Bazaar
Versions up to, including, (<=) 2.7.0
cpe:2.3:a:canonical:bazaar:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-14176

EPSS FAQ

1.67%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-14176

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-14176

https://www.debian.org/security/2017/dsa-4052

Debian -- Security Information -- DSA-4052-1 bzr
Issue Tracking;Third Party Advisory
http://www.ubuntu.com/usn/usn-3411-1

USN-3411-1: Bazaar vulnerability | Ubuntu security notices
Issue Tracking;Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1486685

1486685 – (CVE-2017-14176) CVE-2017-14176 bzr: does not strip bzr+ssh SSH options
Issue Tracking;Patch;Third Party Advisory
https://bugs.debian.org/874429

#874429 - bzr: CVE-2017-14176: bzr+ssh URLs don't strip SSH options - Debian Bug report logs
Issue Tracking;Third Party Advisory
https://bugs.launchpad.net/bzr/+bug/1710979

Bug #1710979 “bzr+ssh URLs don't strip SSH options” : Bugs : Bazaar
Issue Tracking;Third Party Advisory
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html

CVE-2017-14176 in Ubuntu
Issue Tracking;Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1058214

Bug 1058214 – VUL-0: CVE-2017-14176: bzr: ssh:// url injection could lead to code execution
Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2017-14176

Products affected by CVE-2017-14176

Exploit prediction scoring system (EPSS) score for CVE-2017-14176

CVSS scores for CVE-2017-14176

References for CVE-2017-14176