Lucene search

[email protected]CVE-2014-8990

HistoryDec 05, 2014 - 4:59 p.m.

CVE-2014-8990

2014-12-0516:59:11

CWE-77

[email protected]

web.nvd.nist.gov

cve-2014-8990

lsyncd

remote attackers

arbitrary commands

shell metacharacters

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

lsyncd_projectlsyncdRange≤2.1.5

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq7.0

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	7.0

References

lists.fedoraproject.org/pipermail/package-announce/2014-December/145114.html

lists.fedoraproject.org/pipermail/package-announce/2014-December/145131.html

secunia.com/advisories/62321

www.debian.org/security/2015/dsa-3130

www.openwall.com/lists/oss-security/2014/11/19/1

www.openwall.com/lists/oss-security/2014/11/20/5

www.securityfocus.com/bid/71179

github.com/axkibe/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52

github.com/axkibe/lsyncd/commit/e6016b3748370878778b8f0b568d5281cc248aa4

github.com/axkibe/lsyncd/issues/220

security.gentoo.org/glsa/201702-05

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2014-8990

prion1 nessus5 openvas5 fedora3 ubuntucve1 nvd1 debian1 gentoo1 cvelist1 debiancve1 osv1