Main Vulnerability Database Vulnerabilities #VU13403

Command injection in Transmission - CVE-2018-5702

Published: June 20, 2018 / Updated: June 21, 2018

Vulnerability identifier: #VU13403

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2018-5702

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Transmission Project

Affected software:
Transmission

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary RPC commands on the target system.

The vulnerability exists in the Remote Procedure Call (RPC) session-id mechanism in Transmission due to bthe affected software uses the X-Transmission-Session-Id header for access control. A remote unauthenticated attacker can conduct a DNS rebinding attack, register a domain name and make it resolve to localhost, then delegate the domain name to an attacker-controlled DNS server that is configured to respond with a short time-to-live (TTL) record, trick the victim into following a link that submits malicious input, execute arbitrary RPC commands and arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-5702

Install update from vendor's website.

Sources

https://github.com/transmission/transmission/pull/468

Command injection in Transmission - CVE-2018-5702

Detailed vulnerability description

How to mitigate CVE-2018-5702

Sources

Please verify you're human