CVE-2017-15108 — OS Command Injection in Spice-vdagent

CWE-78 — OS Command Injection7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 65.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spice-space Spice-vdagent Debian Spice-vdagent RED HAT INC Spice-vdagent +1 more

Timeline

PublishedJan 20

Latest updateMay 13

Description

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/spice-vdagent< spice-vdagent 0.18.0-1 (bookworm)

▶Debianspice-space/spice-vdagent< 0.18.0-1+3

▶NVDspice-space/spice-vdagent0.17.0

▶CVEListV5red_hat_inc/spice-vdagentup to and including 0.17.0

Also affects: Debian Linux 9.0

Patches

Patch: cgit.freedesktop.org ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-rx22-vq3w-89rg: spice-vdagent up to and including 0↗2022-05-13

▶

OSV

CVE-2017-15108: spice-vdagent up to and including 0↗2018-01-20

▶

📋Vendor Advisories

Debian

CVE-2017-15108: spice-vdagent - spice-vdagent up to and including 0.17.0 does not properly escape save directory...↗2017

▶

Red Hat

spice-vdagent: Improper validation of xfers->save_dir in vdagent_file_xfers_data()↗

▶

💬Community

Bugzilla

CVE-2017-15108 spice-vdagent: Improper validation of xfers->save_dir in vdagent_file_xfers_data() [fedora-all]↗2017-11-29

▶

Bugzilla

CVE-2017-15108 spice-vdagent: Improper validation of xfers->save_dir in vdagent_file_xfers_data()↗2017-11-08

▶