Risk: Medium
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2019-14889
CWE-ID: CWE-78
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
IBM Tivoli Storage Manager (Server applications / File servers (FTP/HTTP))
libssh (Alpine package) (Operating systems & Components / Operating system package or component)
Vendor:
IBM Corporation
Alpine Linux Development Team
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU23508
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-14889
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to incorrect handling of the SCP command parameters when initiating the connection within the ssh_scp_new() function. A remote attacker can trick a victim into using a specially crafted SCP command to connect to a remote SCP server and execute arbitrary commands on the target server with the privileges of the current user.
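The description above is a textbook CWE-78 pattern: a location string taken from untrusted input is spliced into a remote shell command line. The following C code is an added example, not the page's or libssh's own code, showing the two mitigations a client author can apply before handing a location to ssh_scp_new(): an allow-list check (scp_location_is_safe) and POSIX single-quote escaping (shell_single_quote) so the remote shell treats the location as one literal word. The function names, the "scp -t"/"scp -f" command shape and the sample inputs are assumptions constructed for the example; the actual libssh fix is not reproduced here.

```c
#include <stdlib.h>
#include <string.h>

/* Wrap s in single quotes for a POSIX shell, rewriting each embedded
 * single quote as '\'' so it stays literal. Returns a malloc'd string
 * the caller must free, or NULL on allocation failure. */
char *shell_single_quote(const char *s)
{
    size_t len = strlen(s);
    size_t quotes = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '\'') quotes++;
    }
    /* each ' expands to 4 bytes ('\''), plus two outer quotes and NUL */
    size_t out_len = len + quotes * 3 + 2 + 1;
    char *out = malloc(out_len);
    if (out == NULL) return NULL;

    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '\'') {
            memcpy(p, "'\\''", 4);
            p += 4;
        } else {
            *p++ = s[i];
        }
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Conservative allow-list for SCP locations that originate from untrusted
 * input (a user-supplied path, a configuration file, a web form):
 * only plain path characters, no shell metacharacters, spaces or control bytes.
 * Returns 1 if the location is acceptable, 0 otherwise. */
int scp_location_is_safe(const char *loc)
{
    if (loc == NULL || *loc == '\0') return 0;
    for (const unsigned char *p = (const unsigned char *)loc; *p; p++) {
        unsigned char c = *p;
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '/' || c == '.' ||
                 c == '_' || c == '-' || c == '~';
        if (!ok) return 0;
    }
    return 1;
}

/* Build the remote command line a client would request for a transfer
 * (assumed shape: "scp -t <loc>" to write, "scp -f <loc>" to read).
 * The location is always quoted, independent of the allow-list result,
 * so "/tmp/x; touch /tmp/pwned" becomes a single harmless argument.
 * Returns a malloc'd string or NULL on failure. */
char *build_scp_command(const char *location, int write_mode)
{
    char *quoted = shell_single_quote(location);
    if (quoted == NULL) return NULL;

    const char *prefix = write_mode ? "scp -t " : "scp -f ";
    size_t n = strlen(prefix) + strlen(quoted) + 1;
    char *cmd = malloc(n);
    if (cmd != NULL) {
        memcpy(cmd, prefix, strlen(prefix));
        memcpy(cmd + strlen(prefix), quoted, strlen(quoted) + 1);
    }
    free(quoted);
    return cmd;
}
```

In practice a client should do both: reject locations that fail scp_location_is_safe() when they come from an untrusted source, and rely on quoting as defence in depth for the remaining cases (spaces, unusual but legitimate file names). Quoting alone is enough to neutralise the injection; the allow-list additionally surfaces suspicious input to logging or an operator.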
Install update from vendor's website.
Vulnerable software versions
IBM Tivoli Storage Manager: 7.1.5.200
libssh (Alpine package): 2.6-3
libssh (Alpine package): 2.8.11 - 2.11.4
libssh (Alpine package): 0.5.4-0ubuntu1 - 0.5.6-0ubuntu1
libssh (Alpine package): 1.7.11
libssh (Alpine package): 0.3.2.2
libssh (Alpine package): 3.1.2
libssh (Alpine package): 20101020ubuntu352 - 20101020ubuntu457
libssh (Alpine package): 1.22ubuntu8
libssh (Alpine package): 0.61
libssh (Alpine package): 7.0.9
libssh (Alpine package): 7.16.2-6ubuntu3 - 7.16.2-6ubuntu4
libssh (Alpine package): 2.2.1-46-g10887d272-1
libssh (Alpine package): 3 - 8
libssh (Alpine package): 8.21-1ubuntu1 - 8.21-1
libssh (Alpine package): 1.70ubuntu6 - 1.70ubuntu8
libssh (Alpine package): 1.2.0-1
libssh (Alpine package): 2.0.2-1
libssh (Alpine package): 2.3.3.4-1
libssh (Alpine package): 1.02-3 - 1.02-4
libssh (Alpine package): 0.2.60
libssh (Alpine package): 7.9.1
libssh (Alpine package): 6.6.7-2
libssh (Alpine package): 8.1
libssh (Alpine package): 9.0.1
libssh (Alpine package): 7.0.1
libssh (Alpine package): 2007
libssh (Alpine package): 5.3p1
libssh (Alpine package): 3.0.1
libssh (Alpine package): before 0.7.6-r1
CPE2.3
https://git.alpinelinux.org/aports/commit/?id=820819767d77749d1d95a6aad09459ea4b95805c
https://git.alpinelinux.org/aports/commit/?id=aff6dec3dfa146ec68965e709c3e2dad1020c0a3
https://git.alpinelinux.org/aports/commit/?id=981d44c46ea20fd4e9e399ee666437a7fdf2d574
https://git.alpinelinux.org/aports/commit/?id=f853c4e3ca0c6161fd59ddb75b3f4e57c2d024f5
https://git.alpinelinux.org/aports/commit/?id=4e617546654863ca795146a23e2e4c5037c7fa9f
https://git.alpinelinux.org/aports/commit/?id=94410d4589eefca6191eb868fe534c981d9454c3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.