
94 matches found

Cvelist
added 2019/12/03 9:55 p.m. | 16 views

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

CVSS 5.9 | AI score 7.4 | EPSS 0.00486
Exploits: 1 | References: 3

CNVD
added 2019/12/03 12:0 a.m. | 2 views

Shadowsocks-libev Access Control Error Vulnerability (CNVD-2020-00259)

Shadowsocks-libev is a lightweight secure SOCKS5 agent for embedded devices. An access control error vulnerability exists in the ss-manager binary in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to elevate privileges and execute arbitrary code...

CVSS 7.8 | AI score 7.9 | EPSS 0.00429
Exploits: 1 | References: 1

Talos
added 2019/12/03 12:0 a.m. | 194 views

Shadowsocks-libev ss-manager add_server Code Execution Vulnerability

Summary: An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...

CVSS 7.8 | AI score 7.9 | EPSS 0.00429
Exploits: 1

CNVD
added 2019/12/03 12:0 a.m. | 2 views

Shadowsocks-libev Information Disclosure Vulnerability

Shadowsocks-libev is a lightweight secure SOCKS5 agent for embedded devices. An information disclosure vulnerability exists in the network packet handling feature in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to disclose information with the help of specially crafted...

CVSS 7.4 | AI score 6.2 | EPSS 0.00339
Exploits: 1 | References: 1

Talos
added 2019/12/03 12:0 a.m. | 287 views

Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

CVSS 7.5 | AI score 6.6 | EPSS 0.00486
Exploits: 1

Fedora
added 2018/04/03 2:52 p.m. | 29 views

[SECURITY] Fedora 27 Update: libuv-1.19.2-1.fc27

libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library...

CVSS 8.8 | AI score 2.3 | EPSS 0.01501
Exploits: 0

Tenable Nessus
added 2018/02/05 12:0 a.m. | 24 views

FreeBSD : shadowsocks-libev -- command injection via shell metacharacters (3746de31-0a1a-11e8-83e7-485b3931c969)

MITRE reports: Improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright...

CVSS 7.8 | AI score 7.3 | EPSS 0.00451
Exploits: 1 | References: 2

BDU FSTEC
added 2017/12/14 12:0 a.m. | 3 views

The vulnerability of the ss-manager component (manager.c) of the shadowsocks-libev proxy server allows a hacker to inject any command or execute any code.

The vulnerability of the ss-manager component (manager.c) of the shadowsocks-libev proxy server is related to insufficient cleaning of special elements used in the command. Exploiting this vulnerability allows a local attacker to inject arbitrary commands or execute arbitrary code by sending a...

CVSS 7.8 | AI score 6 | EPSS 0.00451
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2017/12/01 11:13 p.m. | 4 views

MGASA-2017-0436 Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

CVSS 7.8 | AI score 7.8 | EPSS 0.00451
Exploits: 1 | References: 4

Mageia
added 2017/12/01 11:13 p.m. | 19 views

Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

CVSS 7.8 | AI score 5.6 | EPSS 0.00451
Exploits: 1 | References: 3

ArchLinux
added 2017/11/30 12:0 a.m. | 18 views

[ASA-201711-40] shadowsocks-libev: arbitrary command execution

Arch Linux Security Advisory ASA-201711-40
Severity: High
Date: 2017-11-30
CVE-ID: CVE-2017-15924
Package: shadowsocks-libev
Type: arbitrary command execution
Remote: No
Link: https://security.archlinux.org/AVG-474
Summary: The package...

CVSS 7.8 | AI score 2.4 | EPSS 0.00451
Exploits: 1 | References: 6

Tenable Nessus
added 2017/11/16 12:0 a.m. | 31 views

openSUSE Security Update : shadowsocks-libev (openSUSE-2017-1274)

This update for shadowsocks-libev fixes the following issues. Security issue fixed: CVE-2017-15924: In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic,...

CVSS 7.8 | AI score 7.2 | EPSS 0.00451
Exploits: 1 | References: 2

CNVD
added 2017/11/01 12:0 a.m. | 0 views

shadowsocks-libev command execution vulnerability

shadowsocks-libev is a SOCKS5 proxy for embedded devices written in C. ss-manager is one of the ss management tools. A security vulnerability exists in the manager.c file of ss-manager in shadowsocks-libev version 3.1.0. An attacker can exploit this vulnerability to execute commands...

CVSS 7.8 | AI score 7.1 | EPSS 0.00451
Exploits: 1 | References: 1

Tenable Nessus
added 2017/10/30 12:0 a.m. | 165 views

Debian DSA-4009-1 : shadowsocks-libev - security update

Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

CVSS 7.8 | AI score 7.5 | EPSS 0.00451
Exploits: 1 | References: 3

Debian
added 2017/10/29 9:44 p.m. | 19 views

[SECURITY] [DSA 4009-1] shadowsocks-libev security update

Debian Security Advisory DSA-4009-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2017 https://www.debian.org/security/faq ...

CVSS 7.8 | AI score 7.6 | EPSS 0.00451
Exploits: 1

OSV
added 2017/10/29 12:0 a.m. | 15 views

DSA-4009-1 shadowsocks-libev - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.4 | EPSS 0.00451
Exploits: 1

OpenVAS
added 2017/10/28 12:0 a.m. | 13 views

Debian: Security Advisory (DSA-4009-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.6 | EPSS 0.00451
Exploits: 1 | References: 3

OSV
added 2017/10/27 4:29 p.m. | 0 views

UBUNTU-CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

CVSS 7.8 | AI score 5.8 | EPSS 0.00451
Exploits: 1 | References: 6

Prion
added 2017/10/27 4:29 p.m. | 13 views

Command injection

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

CVSS 7.2 | AI score 7.8 | EPSS 0.00451
Exploits: 1 | References: 5 | Affected Software: 2

OSV
added 2017/10/27 4:29 p.m. | 17 views

CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

CVSS 7.8 | AI score 7.8
Exploits: 0 | References: 5