VDB

GCVE-110-MAGEIA-2017-336

GCVE-110-MAGEIA-2017-336
Advisory Published
Vulnetix · Advisory published September 10, 2017
Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user.

Affected Products

VendorProductVersionsPlatforms
Mageiabzr0 (affected), 2.7.0-1.1.mga6 (unaffected)
Mageiabzr0 (affected), 2.6.0-11.1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›