[Bug 1071709] VUL-0: CVE-2017-17459: fossil: client-side code execution via specially crafted ssh:// URL (ProxyCommand)

7 Dec 2017

      http://bugzilla.opensuse.org/show_bug.cgi?id=1071709
http://bugzilla.opensuse.org/show_bug.cgi?id=1071709#c4

Andreas Stieger  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|VUL-0: fossil: client-side  |VUL-0: CVE-2017-17459:
                   |code execution via          |fossil: client-side code
                   |specially crafted ssh://    |execution via specially
                   |URL (ProxyCommand)          |crafted ssh:// URL
                   |                            |(ProxyCommand)
              Alias|                            |CVE-2017-17459

--- Comment #4 from Andreas Stieger  ---
CVE-2017-17459 assigned for:

http_transport.c in Fossil before 2.4, when the SSH sync protocol is
used, allows user-assisted remote attackers to execute arbitrary commands via
an ssh
URL with an initial dash character in the hostname, a related issue to
CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,
CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1071709] VUL-0: CVE-2017-17459: fossil: client-side code execution via specially crafted ssh:// URL (ProxyCommand)

bugzilla_noreply＠novell.com