CVE-2021-38173

Опубликовано: 07 авг. 2021

Источник: debian

Описание

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
btrbk	fixed	0.27.1-2		package
btrbk	fixed	0.27.1-1.1+deb11u1	bullseye	package
btrbk	fixed	0.27.1-1+deb10u1	buster	package

Примечания

Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)

Связанные уязвимости

CVE-2021-38173

CVSS3: 9.8

ubuntu

больше 4 лет назад

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.

CVE-2021-38173

CVSS3: 9.8

nvd

больше 4 лет назад

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.

GHSA-c38g-xjq6-3v46

CVSS3: 9.8

github

больше 3 лет назад

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.