CVE-2021-38173
Published: 2021-08-07
CVE-2021-38173: Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.
Priority: P2 (60) · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.16% (86.3rd percentile)
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | btrbk | < btrbk 0.27.1-2 (bookworm) | btrbk 0.27.1-2 (bookworm) |
| debian | debian_linux | — | — |
| digint | btrbk | < 0.31.2 | 0.31.2 |
| digint | btrbk | >= 0 < 0.27.1-1.1+deb11u1 | 0.27.1-1.1+deb11u1 |
| digint | btrbk | >= 0 < 0.27.1-2 | 0.27.1-2 |
| digint | btrbk | >= 0 < 0.27.1-2 | 0.27.1-2 |
| digint | btrbk | >= 0 < 0.27.1-2 | 0.27.1-2 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
Detection & IOCs (extracted from sources)
- Look for misuse or bypass of ssh_filter_btrbk.sh as a forced command in SSH authorized_keys files, which may allow unintended command execution on remote hosts running btrbk before version 0.31.2.
- Audit SSH authorized_keys files for entries referencing ssh_filter_btrbk.sh as a command= restriction; vulnerable configurations may permit unfiltered command execution.
- The vulnerability is local in scope; exploitation requires access to an SSH key or authorized_keys entry that invokes ssh_filter_btrbk.sh as a forced command.
- Fixed in btrbk 0.31.2 upstream; Debian packages resolved at 0.27.1-2 (bookworm/forky/sid/trixie) and 0.27.1-1.1+deb11u1 (bullseye). Ensure deployed versions meet or exceed these fix versions.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
GHSA
- GHSA-c38g-xjq6-3v46 · ghsa_unreviewed · 2022-05-24 · CRITICAL · CWE-77
- Description: same as the CVE text above.
OSV
- CVE-2021-38173 · osv · 2021-08-07 · CVSS 9.8 · CRITICAL
- Description: same as the CVE text above.
Debian
- CVE-2021-38173 (btrbk) · vendor_debian · 2021 · CVSS 9.8 · CRITICAL
- Description: same as the CVE text above.
- Scope: local
- bookworm: resolved (fixed in 0.27.1-2)
- bullseye: resolved (fixed in 0.27.1-1.1+deb11u1)
- forky: resolved (fixed in 0.27.1-2)
- sid: resolved (fixed in 0.27.1-2)
- trixie: resolved (fixed in 0.27.1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/digint/btrbk/blob/master/ChangeLog
- https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584
- https://lists.debian.org/debian-lts-announce/2021/09/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP2T32JMENJFRP2HWXR7FTTZVRTTPECL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM7GLTUN5YS4KE2RNBX732EAMVVGNEX3/