Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15121

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

Published

2020-07-20T18:15:12.187

Last Modified

2024-11-21T05:04:51.953

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	radare	radare2	< 4.5.0	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes

References

https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 Patch, Third Party Advisory ([email protected])
https://github.com/radareorg/radare2/issues/16945 Third Party Advisory ([email protected])
https://github.com/radareorg/radare2/pull/16966 Third Party Advisory ([email protected])
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/ ([email protected])
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/radareorg/radare2/issues/16945 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/radareorg/radare2/pull/16966 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/ (af854a3a-2127-422b-91ae-364da2661108)