Fedora EPEL 7 update for transmission

1) Command injection

EUVDB-ID: #VU13403

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2018-5702

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary RPC commands on the target system.

The vulnerability exists in the Remote Procedure Call (RPC) session-id mechanism in Transmission due to bthe affected software uses the X-Transmission-Session-Id header for access control. A remote unauthenticated attacker can conduct a DNS rebinding attack, register a domain name and make it resolve to localhost, then delegate the domain name to an attacker-controlled DNS server that is configured to respond with a short time-to-live (TTL) record, trick the victim into following a link that submits malicious input, execute arbitrary RPC commands and arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

transmission: before 2.94-6.el7

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:transmission:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8395a0247

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.