Bug 628724 - app-admin/supervisor: RCE Vulnerability (CVE-2017-11610)
Status: RESOLVED DUPLICATE of bug 626100
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: B1 [ebuild]
Depends on:
Reported: 2017-08-23 16:36 UTC by D'juan McDonald (domhnall)
Modified: 2017-08-23 16:56 UTC
Description D'juan McDonald (domhnall) 2017-08-23 16:36:46 UTC
From $URL:

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

CVE Details:
Comment 1 D'juan McDonald (domhnall) 2017-08-23 16:39:56 UTC
@security, I'm noting the possible fixed version in tree as 3.1.4; however, it's unclear atm whether the same vulnerability applies to the package or not, so I'm reporting because it's a new CVE.
Comment 2 D'juan McDonald (domhnall) 2017-08-23 16:49:35 UTC

@security, fixes were applied for the exact CVE on (2017-07-24), as noted here:

Also, this report may be a duplicate of:

Please follow procedure to close on report, thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Comment 3 D'juan McDonald (domhnall) 2017-08-23 16:56:31 UTC

*** This bug has been marked as a duplicate of bug 626100 ***