Vulnerability Details CVE-2017-1000215
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
Exploit prediction scoring system (EPSS) score
EPSS Score 0.071
EPSS Ranking 91.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://github.com/xrootd/xrootd/blob/befa2e627a5a33a38c92db3e57c07d8246a24acf/src/XrdSecgsi/XrdSecgsiGMAPFunLDAP.cc#L85
- https://github.com/xrootd/xrootd/blob/v4.6.1/docs/ReleaseNotes.txt
- https://github.com/xrootd/xrootd/commit/befa2e627a5a33a38c92db3e57c07d8246a24acf
- https://security.gentoo.org/glsa/201903-11
- https://github.com/xrootd/xrootd/blob/befa2e627a5a33a38c92db3e57c07d8246a24acf/src/XrdSecgsi/XrdSecgsiGMAPFunLDAP.cc#L85
- https://github.com/xrootd/xrootd/blob/v4.6.1/docs/ReleaseNotes.txt
- https://github.com/xrootd/xrootd/commit/befa2e627a5a33a38c92db3e57c07d8246a24acf
- https://security.gentoo.org/glsa/201903-11