
Bug 638420 (CVE-2017-1000215)

Summary: <net-libs/xrootd-4.8.3: Shell command injection vulnerability
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: sci-physics
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa+ cve]
Package list: =net-libs/xrootd-4.8.3
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-11-22 03:27:17 UTC
CVE-2017-1000215 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000215):
  ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated
  shell command injection resulting in remote code execution
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-22 03:29:33 UTC
@Maintainers please call for stabilization when ready.

Thank you
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-12-04 22:09:08 UTC
@arches, please stabilize.
Comment 3 Agostino Sarubbo gentoo-dev 2018-12-05 09:38:31 UTC
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-12-07 02:43:52 UTC
x86 stable
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 02:02:39 UTC
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Comment 6 Guilherme Amadio gentoo-dev 2019-03-13 13:48:22 UTC
Since xrootd-4.8.3 is now stable, I dropped earlier versions from the tree and bumped unstable to 4.9.0.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2019-03-14 01:36:49 UTC
This issue was resolved and addressed in
 GLSA 201903-11 at https://security.gentoo.org/glsa/201903-11
by GLSA coordinator Aaron Bauman (b-man).