{"containers": {"cna": {"affected": [{"product": "Bazaar through 2.7.0", "vendor": "n/a", "versions": [{"status": "affected", "version": "Bazaar through 2.7.0"}]}], "datePublic": "2017-11-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117."}], "problemTypes": [{"descriptions": [{"description": "command injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-30T10:57:01.000Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "DSA-4052", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4052"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1058214"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ubuntu.com/usn/usn-3411-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/874429"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/bzr/+bug/1710979"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486685"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2017-14176", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bazaar through 2.7.0", "version": {"version_data": [{"version_value": "Bazaar through 2.7.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "command injection"}]}]}, "references": {"reference_data": [{"name": "DSA-4052", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4052"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1058214", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1058214"}, {"name": "http://www.ubuntu.com/usn/usn-3411-1", "refsource": "CONFIRM", "url": "http://www.ubuntu.com/usn/usn-3411-1"}, {"name": "https://bugs.debian.org/874429", "refsource": "CONFIRM", "url": "https://bugs.debian.org/874429"}, {"name": "http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html", "refsource": "CONFIRM", "url": "http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html"}, {"name": "https://bugs.launchpad.net/bzr/+bug/1710979", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/bzr/+bug/1710979"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486685", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486685"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:20:41.042Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4052", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4052"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1058214"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-3411-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/874429"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/bzr/+bug/1710979"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486685"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2017-14176", "datePublished": "2017-11-27T10:00:00.000Z", "dateReserved": "2017-09-07T00:00:00.000Z", "dateUpdated": "2024-08-05T19:20:41.042Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:bazaar:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D747C60-C3A8-4CCE-A7D2-A5E58CA48C2A", "versionEndIncluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117."}, {"lang": "es", "value": "Bazaar hasta la versi\u00f3n 2.7.0, cuando se utiliza un subproceso SSH, perote que atacantes remotos ejecuten comandos arbitrarios mediante una URL bzr+ssh con un car\u00e1cter gui\u00f3n inicial en el nombre del host. Esta vulnerabilidad est\u00e1 relacionada con CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116 y CVE-2017-1000117."}], "id": "CVE-2017-14176", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-27T10:29:00.207", "references": [{"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.ubuntu.com/usn/usn-3411-1"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/874429"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/bzr/+bug/1710979"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486685"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1058214"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.ubuntu.com/usn/usn-3411-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.debian.org/874429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/bzr/+bug/1710979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1058214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4052"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "bzr: does not strip bzr+ssh SSH options", "id": "1486685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486685"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-77", "details": ["Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117."], "name": "CVE-2017-14176", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "bzr", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "bzr", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-08-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-14176\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14176"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}

{}