CVE-2021-38173
published 2021-08-07

CVE-2021-38173: Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.

Priority: P2 60 · Severity: critical · CVSS 3.1 base score 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.16% (86.3rd percentile)

Affected (9 ranges)

Vendor          Product        Version range                    Fixed in
debian          btrbk          < 0.27.1-2 (bookworm)            0.27.1-2 (bookworm)
debian          debian_linux   (not listed)                     (not listed)
digint          btrbk          < 0.31.2                         0.31.2
digint          btrbk          >= 0, < 0.27.1-1.1+deb11u1       0.27.1-1.1+deb11u1
digint          btrbk          >= 0, < 0.27.1-2                 0.27.1-2
digint          btrbk          >= 0, < 0.27.1-2                 0.27.1-2
digint          btrbk          >= 0, < 0.27.1-2                 0.27.1-2
fedoraproject   fedora         (not listed)                     (not listed)
fedoraproject   fedora         (not listed)                     (not listed)

Detection & IOCs (extracted from sources)

filename: ssh_filter_btrbk.sh
  • Look for misuse or bypass of ssh_filter_btrbk.sh as a forced command in SSH authorized_keys files; on hosts running btrbk before 0.31.2 the filter can be bypassed to run unintended commands.
  • Audit SSH authorized_keys files for entries that use ssh_filter_btrbk.sh as a command= restriction; with a vulnerable filter, such entries may permit unfiltered command execution.
  • Exploitation requires the SSH private key (or control of the client host, typically the btrbk backup server) whose authorized_keys entry is confined by ssh_filter_btrbk.sh: the filter exists to limit that key to the btrfs commands btrbk needs, and the bug lets the key holder escape that confinement. NVD nonetheless scores the issue AV:N/PR:N (9.8), so treat every remote host that accepts a btrbk-restricted key as exposed if the backup host is compromised.
  • Fixed in btrbk 0.31.2 upstream; Debian resolved it in 0.27.1-2 (bookworm/forky/sid/trixie) and 0.27.1-1.1+deb11u1 (bullseye). Ensure deployed versions meet or exceed these fix versions.
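The audit the bullets above call for, as an added example that is not part of this advisory or of btrbk's own code: it parses the OpenSSH authorized_keys line format (an options field whose quoted values may contain spaces and commas, then key type, key and comment), reports every key confined by ssh_filter_btrbk.sh together with the filter flags that entry passes, and notes which of the usual sshd key restrictions (no-pty, no-port-forwarding, no-agent-forwarding, no-X11-forwarding, or the umbrella `restrict`) are absent. The sample file content, key material, hosts and script paths are constructed for illustration; the version check only encodes the upstream fix version 0.31.2 stated on this page.

```python
"""Audit authorized_keys entries that force ssh_filter_btrbk.sh.

Added example for this advisory page, not btrbk's own code. It parses the
OpenSSH authorized_keys line format, reports every key confined by
ssh_filter_btrbk.sh with the filter flags that entry passes, and notes which
of the usual sshd key restrictions are absent. SAMPLE is constructed data.
"""
import os
import re
import shlex

KEY_TYPE_RE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# sshd options that confine a forced-command key; "restrict" implies them all.
HARDENING = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
FIXED_UPSTREAM = (0, 31, 2)  # btrbk 0.31.2 fixes CVE-2021-38173

# Constructed sample (hypothetical keys, hosts and paths).
SAMPLE = """\
# backup server key confined by btrbk's filter, with sshd restrictions
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --sudo --target --delete",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne btrbk@backup
# same filter, but pty and forwarding are still available to the key
command="/usr/local/sbin/ssh_filter_btrbk.sh --source",from="10.0.0.5" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleKeyTwo btrbk@backup2
# unrestricted admin key, out of scope for this check
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyThree admin@laptop
"""


def parse_line(line):
    """Split an authorized_keys line into (options, key_text). The options
    field ends at the first whitespace outside double quotes; commas inside
    quotes do not separate options, and backslash escapes are honoured."""
    if KEY_TYPE_RE.match(line.split(None, 1)[0]):
        return [], line  # no options field at all
    opts, cur, in_quotes, i = [], [], False, 0
    while i < len(line):
        c = line[i]
        if in_quotes and c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped char inside a quoted value
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c == "," and not in_quotes:
            opts.append("".join(cur))
            cur = []
        elif c.isspace() and not in_quotes:
            break  # end of the options field
        else:
            cur.append(c)
        i += 1
    opts.append("".join(cur))
    return opts, line[i:].strip()


def parse_authorized_keys(text):
    """Yield one dict per key line: options, key type, comment, forced command."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        options, key_text = parse_line(line)
        parts = key_text.split(None, 2)
        forced = next((o[len("command="):] for o in options
                       if o.lower().startswith("command=")), None)
        yield {"line": lineno, "options": options,
               "key_type": parts[0] if parts else "",
               "comment": parts[2] if len(parts) > 2 else "",
               "forced_command": forced}


def audit(text):
    """Report each key whose forced command runs ssh_filter_btrbk.sh."""
    report = []
    for e in parse_authorized_keys(text):
        if not e["forced_command"]:
            continue
        argv = shlex.split(e["forced_command"])
        idx = next((i for i, a in enumerate(argv)
                    if os.path.basename(a) == "ssh_filter_btrbk.sh"), None)
        if idx is None:
            continue
        names = {o.split("=", 1)[0].lower() for o in e["options"]}
        missing = [] if "restrict" in names else sorted(HARDENING - names)
        report.append({"line": e["line"], "script": argv[idx],
                       "key": f'{e["key_type"]} {e["comment"]}'.strip(),
                       "filter_args": argv[idx + 1:],
                       "missing_restrictions": missing})
    return report


def is_fixed_upstream(version):
    """True for upstream btrbk 0.31.2 or later. Debian package versions such
    as 0.27.1-2 carry a backported fix; compare those against the Debian
    fixed versions listed in this advisory instead."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts >= FIXED_UPSTREAM


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: {f['key']} -> {f['script']} "
              f"{' '.join(f['filter_args'])}; missing: {f['missing_restrictions'] or 'none'}")
```

Run it against the real files (`/root/.ssh/authorized_keys` on each host that btrbk backs up, plus any `AuthorizedKeysFile` locations from sshd_config) rather than SAMPLE. An entry showing up in the report is not itself a finding: it tells you which hosts trust a btrbk key and which flags the filter was given, so you can check the installed btrbk version on exactly those hosts and confirm the key also has the sshd restrictions that limit what a filter bypass could reach (no pty, no forwarding).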

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
osv             -         9.8     CRITICAL   -
vendor_debian   -         9.8     CRITICAL   -