Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Gentoo Linux Security Advisory 202402-32[6]
- Authored by Gentoo[7] | Site security.gentoo.org[8]
-
Gentoo Linux Security Advisory 202402-32 - A vulnerability has been discovered in btrbk which can lead to remote code execution. Versions greater than or equal to 0.31.2 are affected.
- systems | linux[9], gentoo[10]
- advisories | CVE-2021-38173[11]
- SHA-256 |
541c91cbae2bbeff664c40b186f2e6845d7a7c1c92d2bd88862f97150c95f02e
- Download[12] | Favorite[13] | View[14]
Change Mirror[15] Download[16]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: btrbk: Remote Code Execution
Date: February 26, 2024
Bugs: #806962
ID: 202402-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been discovered in btrbk which can lead to remote
code execution.
Background
==========
btrbk is a backup tool for btrfs subvolumes, taking advantage of btrfs
specific capabilities to create atomic snapshots and transfer them
incrementally to your backup locations.
Affected packages
=================
Package Vulnerable Unaffected
---------------- ------------ ------------
app-backup/btrbk < 0.31.2 >= 0.31.2
Description
===========
A vulnerability has been discovered in btrbk. Please review the CVE
identifier referenced below for details.
Impact
======
Specialy crafted commands may be executed without being propely checked.
Applies to remote hosts filtering ssh commands using ssh_filter_btrbk.sh
in authorized_keys.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All btrbk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-backup/btrbk-0.31.2"
References
==========
[ 1 ] CVE-2021-38173
https://nvd.nist.gov/vuln/detail/CVE-2021-38173
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202402-32
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed toCette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
File Tags
- ActiveX[22] (933)
- Advisory[23] (84,277)
- Arbitrary[24] (16,559)
- BBS[25] (2,859)
- Bypass[26] (1,815)
- CGI[27] (1,032)
- Code Execution[28] (7,568)
- Conference[29] (687)
- Cracker[30] (844)
- CSRF[31] (3,369)
- DoS[32] (24,339)
- Encryption[33] (2,381)
- Exploit[34] (52,561)
- File Inclusion[35] (4,242)
- File Upload[36] (982)
- Firewall[37] (822)
- Info Disclosure[38] (2,830)
- Intrusion Detection[39] (905)
- Java[40] (3,114)
- JavaScript[41] (887)
- Kernel[42] (6,933)
- Local[43] (14,648)
- Magazine[44] (586)
- Overflow[45] (12,976)
- Perl[46] (1,430)
- PHP[47] (5,170)
- Proof of Concept[48] (2,364)
- Protocol[49] (3,686)
- Python[50] (1,590)
- Remote[51] (31,260)
- Root[52] (3,613)
- Rootkit[53] (519)
- Ruby[54] (616)
- Scanner[55] (1,647)
- Security Tool[56] (7,962)
- Shell[57] (3,231)
- Shellcode[58] (1,216)
- Sniffer[59] (899)
- Spoof[60] (2,253)
- SQL Injection[61] (16,480)
- TCP[62] (2,420)
- Trojan[63] (688)
- UDP[64] (896)
- Virus[65] (668)
- Vulnerability[66] (32,441)
- Web[67] (9,830)
- Whitepaper[68] (3,767)
- x86[69] (966)
- XSS[70] (18,121)
- Other[71]
File Archives
- February 2024[72]
- January 2024[73]
- December 2023[74]
- November 2023[75]
- October 2023[76]
- September 2023[77]
- August 2023[78]
- July 2023[79]
- June 2023[80]
- May 2023[81]
- April 2023[82]
- March 2023[83]
- Older[84]
Systems
- AIX[85] (429)
- Apple[86] (2,060)
- BSD[87] (375)
- CentOS[88] (57)
- Cisco[89] (1,926)
- Debian[90] (6,975)
- Fedora[91] (1,693)
- FreeBSD[92] (1,246)
- Gentoo[93] (4,462)
- HPUX[94] (880)
- iOS[95] (369)
- iPhone[96] (108)
- IRIX[97] (220)
- Juniper[98] (69)
- Linux[99] (48,693)
- Mac OS X[100] (691)
- Mandriva[101] (3,105)
- NetBSD[102] (256)
- OpenBSD[103] (487)
- RedHat[104] (15,147)
- Slackware[105] (941)
- Solaris[106] (1,611)
- SUSE[107] (1,444)
- Ubuntu[108] (9,307)
- UNIX[109] (9,371)
- UnixWare[110] (187)
- Windows[111] (6,630)
- Other[112]
- Services
- Security Services[123]
- Hosting By
- Rokasec[124]
Read more https://packetstormsecurity.com/files/177297/glsa-202402-32.txt