Red Hat update for subversion

Published: 2017-08-16 15:27:53 | Updated: 2017-08-16 15:30:19
Severity High
Patch available YES
Number of vulnerabilities 1
CVSSv2 7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2017-9800
CWE ID CWE-78
Exploitation vector Network
Public exploit Not available
Vulnerable software Red Hat Enterprise Linux
Vulnerable software versions Red Hat Enterprise Linux 7
Vendor URL Red Hat Inc.
Advisory type Public

Security Advisory

1) OS command injection

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the system where the Subversion client runs.

The weakness exists due to improper handling of the host part of an 'svn+ssh://' URL: the Subversion client passes it to ssh as a positional argument, so a host name beginning with '-' is interpreted by ssh as an option rather than a host. A remote attacker (e.g., a malicious repository server, a proxy server, or a user with commit access who adds such a URL to an svn:externals definition on an otherwise honest server) can supply a specially crafted 'svn+ssh://' URL that the client follows during 'checkout', 'export', 'update', and 'switch' operations and execute arbitrary shell commands with the privileges of the user running the Subversion client.

Successful exploitation of the vulnerability may result in system compromise.
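The following Python is an added illustration for this advisory, not code from Red Hat or from Subversion itself. It models the flaw and the corresponding check: the user and host parts of an svn+ssh:// URL are passed to ssh as an argument, so a value beginning with '-' is parsed as an ssh option (here '-oProxyCommand=', a real ssh option that runs a local command), and the hardened version refuses such URLs before any command is built, which is the rule the fixed Subversion clients apply. The argv layout is a simplified model of a tunnel agent's ssh invocation, not Subversion's exact command line, and the svn:externals text is constructed for the example.

```python
# Added example for CVE-2017-9800; not code from Red Hat or from Subversion.
# The ssh argv below is a simplified model of a tunnel agent, not Subversion's
# exact command line, and SAMPLE_EXTERNALS is constructed for this example.
import re
from typing import Dict, List, Optional, Tuple

# Constructed svn:externals definitions (modern "url dir" form): benign
# entries plus one whose host part is an ssh option, not a host name.
SAMPLE_EXTERNALS = """\
svn+ssh://svn.example.org/repos/lib/trunk lib
-r 42 svn+ssh://build@svn.example.org:2222/repos/docs docs
svn+ssh://-oProxyCommand=id/repos/evil evil
https://svn.example.org/repos/tools tools
"""

_SVN_SSH_URL = re.compile(
    r"^svn\+ssh://"
    r"(?:(?P<user>[^@/]*)@)?"   # optional user@
    r"(?P<host>[^:/]*)"          # host (may be empty or start with '-')
    r"(?::(?P<port>\d+))?"       # optional :port
    r"(?P<path>/.*)?$"           # repository path
)


def parse_svn_ssh(url: str) -> Dict[str, Optional[str]]:
    """Split an svn+ssh:// URL into user, host, port and path."""
    m = _SVN_SSH_URL.match(url)
    if not m:
        raise ValueError(f"not an svn+ssh:// URL: {url!r}")
    return m.groupdict()


def naive_ssh_argv(url: str) -> List[str]:
    """Vulnerable construction: user and host go into argv unchecked, so a
    value beginning with '-' is parsed by ssh as an option; for example
    -oProxyCommand=<cmd> makes ssh run <cmd> locally before connecting."""
    p = parse_svn_ssh(url)
    argv = ["ssh", "-q"]
    if p["port"]:
        argv += ["-p", p["port"]]
    target = f"{p['user']}@{p['host']}" if p["user"] else p["host"]
    return argv + [target, "svnserve", "-t"]


def check_svn_ssh_url(url: str) -> Optional[str]:
    """Return None if the URL is safe to hand to ssh, otherwise the reason it
    is rejected: the host must be non-empty and neither user nor host may
    begin with '-', which is the rule the fixed clients enforce."""
    p = parse_svn_ssh(url)
    if not p["host"]:
        return "empty host"
    for field in ("user", "host"):
        value = p[field]
        if value and value.startswith("-"):
            return f"{field} {value!r} would be passed to ssh as an option"
    return None


def safe_ssh_argv(url: str) -> List[str]:
    """Hardened construction: refuse the URL before building the command."""
    reason = check_svn_ssh_url(url)
    if reason is not None:
        raise ValueError(f"refusing {url!r}: {reason}")
    return naive_ssh_argv(url)


def find_unsafe_externals(externals: str) -> List[Tuple[str, str]]:
    """Scan svn:externals text and return (url, reason) for every svn+ssh://
    entry the check rejects. Tokens such as '-r 42' and the target directory
    are ignored; URLs with other schemes are not checked here."""
    findings = []
    for line in externals.splitlines():
        for token in line.split():
            if token.startswith("svn+ssh://"):
                reason = check_svn_ssh_url(token)
                if reason is not None:
                    findings.append((token, reason))
    return findings


if __name__ == "__main__":
    for url, reason in find_unsafe_externals(SAMPLE_EXTERNALS):
        print(f"{url} -> {reason}")
```

Running the script lists only the third external; the same scan can be pointed at the output of 'svn propget svn:externals -R' on an existing working copy to find definitions that an unpatched client would follow.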

Remediation

Install the updated subversion packages for Red Hat Enterprise Linux 7 referenced in RHSA-2017:2480 (for example with 'yum update subversion'). Until the update is applied, do not follow 'svn+ssh://' URLs from untrusted repositories or proxies, and review svn:externals definitions in existing working copies for svn+ssh:// URLs whose host or user part begins with '-'.

External links

https://access.redhat.com/errata/RHSA-2017:2480
