Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 650020 (CVE-2017-15108) - <app-emulation/spice-vdagent-0.17.0_p20180319: Arbitrary command injection
Summary: <app-emulation/spice-vdagent-0.17.0_p20180319: Arbitrary command injection
Status: RESOLVED FIXED
Alias: CVE-2017-15108
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on: 651102
Blocks:
  Show dependency tree
 
Reported: 2018-03-09 15:40 UTC by GLSAMaker/CVETool Bot
Modified: 2018-05-22 23:06 UTC (History)
2 users (show)

See Also:
Package list:
app-emulation/spice-vdagent-0.17.0_p20180319-r1
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-09 15:40:51 UTC 
CVE-2017-15108 (https://nvd.nist.gov/vuln/detail/CVE-2017-15108):
  spice-vdagent up to and including 0.17.0 does not properly escape save
  directory before passing to shell, allowing local attacker with access to
  the session the agent runs in to inject arbitrary commands to be executed.
Comment 1 Larry the Git Cow gentoo-dev 2018-03-19 16:09:53 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2209aa7d8367d86752cd4c059b25951f4a20c597

commit 2209aa7d8367d86752cd4c059b25951f4a20c597
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-03-19 16:06:08 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-03-19 16:09:45 +0000

    app-emulation/spice-vdagent: version bump to 0.17.0_p20180319
    
    Bug: https://bugs.gentoo.org/650020
    
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/spice-vdagent/Manifest               |  1 +
 .../spice-vdagent-0.17.0_p20180319.ebuild          | 70 ++++++++++++++++++++++
 2 files changed, 71 insertions(+)}
Comment 2 Matthias Maier gentoo-dev 2018-03-19 16:13:04 UTC 
Let's stabilize app-emulation/spice-vdagent-0.17.0_p20180319 that contains the upstream patches for CVE-2017-15108.
Comment 3 Agostino Sarubbo gentoo-dev 2018-03-19 19:50:39 UTC 
amd64 stable
Comment 4 Stabilization helper bot gentoo-dev 2018-03-27 08:00:38 UTC 
An automated check of this bug failed - the following atom is unknown:

app-emulation/spice-vdagent-0.17.0_p20180319

Please verify the atom list.
Comment 5 Stabilization helper bot gentoo-dev 2018-03-27 14:00:27 UTC 
An automated check of this bug succeeded - the previous repoman errors are now resolved.
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-29 15:23:39 UTC 
x86 stable
Comment 7 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-08 17:30:15 UTC 
New GLSA Request filed,

@Maintainers please remove vulnerable versions.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2018-04-08 23:34:10 UTC 
This issue was resolved and addressed in
 GLSA 201804-09 at https://security.gentoo.org/glsa/201804-09
by GLSA coordinator Aaron Bauman (b-man).
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2018-04-08 23:35:28 UTC 
re-opened for cleanup
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2018-04-23 03:01:32 UTC 
please clean
Comment 11 Larry the Git Cow gentoo-dev 2018-05-22 23:06:15 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7d5d482ce1df9920ce0e34e5735ba2ea88107d0

commit a7d5d482ce1df9920ce0e34e5735ba2ea88107d0
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-05-22 23:05:48 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-05-22 23:06:08 +0000

    app-emulation/spice-vdagent: drop vulnerable
    
    Bug: https://bugs.gentoo.org/650020
    Package-Manager: Portage-2.3.38, Repoman-2.3.9

 .../spice-vdagent/spice-vdagent-0.17.0.ebuild      | 63 ----------------------
 1 file changed, 63 deletions(-)