Remote code execution in Transmission
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-5702 |
| CWE-ID | CWE-77 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Transmission Web applications / Other software |
| Vendor | Transmission Project |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Command injection
EUVDB-ID: #VU13403
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-5702
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary RPC commands on the target system.
The vulnerability exists in the Remote Procedure Call (RPC) session-id mechanism in Transmission due to bthe affected software uses the X-Transmission-Session-Id header for access control. A remote unauthenticated attacker can conduct a DNS rebinding attack, register a domain name and make it resolve to localhost, then delegate the domain name to an attacker-controlled DNS server that is configured to respond with a short time-to-live (TTL) record, trick the victim into following a link that submits malicious input, execute arbitrary RPC commands and arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Transmission: 2.50 - 2.92
External linkshttp://github.com/transmission/transmission/pull/468
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
