CVE-2018-1000802
PUBLISHED
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in denial of service, information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via passage of unfiltered user input to the function. This vulnerability appears to have been fixed after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
Risk Scores
EPSS Score: 26.49% (96.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | python3.4 | 3.4~rc1-1build1, 3.4.3-1ubuntu1~14.04.6, 3.4.3-1ubuntu1~14.04.5 |
| Ubuntu:14.04:LTS | python2.7 | 2.7.6-8, 0, 2.7.5-8ubuntu3 |
| Ubuntu:18.04:LTS | python2.7 | 2.7.14-6, 2.7.14-7, 2.7.14-8 |
| Ubuntu:16.04:LTS | python2.7 | 2.7.12-1ubuntu0~16.04.2, 2.7.12-1ubuntu0~16.04.1, 2.7.12-1~16.04 |
Exploit Intelligence
- Python CVE-2018-1000802 Proof-of-Concept (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper: Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
…and 4 more exploits
Timeline
- Sep 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Jan 18, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1000802 third-party-advisory
- https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig third-party-advisory
- https://ubuntu.com/security/notices/USN-3817-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3817-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1000802 third-party-advisory