Bug 806962 (CVE-2021-38173) - <app-backup/btrbk-0.31.2: remote execution in ssh_filter_btrbk.sh (CVE-2021-38173)
Summary: <app-backup/btrbk-0.31.2: remote execution in ssh_filter_btrbk.sh (CVE-2021-3...
Status: RESOLVED FIXED
Alias: CVE-2021-38173
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: C2 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-07 09:38 UTC by Jannik Glückert
Modified: 2024-02-26 12:53 UTC

See Also:
Package list:
app-backup/btrbk-0.31.2 amd64 x86 arm arm64 sys-block/mbuffer-20200929 arm64
Runtime testing required: ---

Description Jannik Glückert 2021-08-07 09:38:37 UTC
btrbk 0.31.2 fixed the following vulnerability, introduced in 0.23.0:

 ssh_filter_btrbk.sh: Fix security vulnerability.
 Specially crafted commands may be executed without being properly
 checked. Applies to remote hosts filtering ssh commands using
 ssh_filter_btrbk.sh in authorized_keys.

Default configurations are not affected by this.

Upstream commit:

https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584
Comment 1 NATTkA bot gentoo-dev 2021-08-07 09:40:20 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-08-07 10:08:22 UTC Comment hidden (obsolete)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-07 14:28:59 UTC
Nice spot, Jannik!

Ready to stable, candrews?
Comment 4 Craig Andrews gentoo-dev 2021-08-07 14:42:33 UTC
Nice catch!

Let's do it.
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-07 14:50:42 UTC
(In reply to Craig Andrews from comment #4)
> Nice catch!
> 
> Let's do it.

Cheers!
Comment 6 Agostino Sarubbo gentoo-dev 2021-08-08 07:45:41 UTC
amd64 stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-09 00:35:24 UTC
arm done
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-09 00:38:55 UTC
arm64 done
Comment 9 Agostino Sarubbo gentoo-dev 2021-08-11 06:44:21 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 10 NATTkA bot gentoo-dev 2021-09-04 17:36:26 UTC
Unable to check for sanity:

> no match for package: sys-block/mbuffer-20200929
Comment 11 Larry the Git Cow gentoo-dev 2021-10-17 20:39:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3beef0aac4992903418b978f7c643330ac91a6c

commit e3beef0aac4992903418b978f7c643330ac91a6c
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 16:20:02 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 20:36:28 +0000

    app-backup/btrbk: drop 0.29.1
    
    Bug: https://bugs.gentoo.org/806962
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-backup/btrbk/Manifest            |  1 -
 app-backup/btrbk/btrbk-0.29.1.ebuild | 76 ------------------------------------
 2 files changed, 77 deletions(-)
Comment 12 Larry the Git Cow gentoo-dev 2024-02-26 12:53:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0ee61b1ed441ab2406d6bf942ad340257740ad9a

commit 0ee61b1ed441ab2406d6bf942ad340257740ad9a
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-26 12:53:03 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-26 12:53:25 +0000

    [ GLSA 202402-32 ] btrbk: Remote Code Execution
    
    Bug: https://bugs.gentoo.org/806962
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-32.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)