USN-6711-1: CRM shell vulnerability
First published: Mon Mar 25 2024(Updated: )
Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/crmsh | <4.2.0-2ubuntu1.1 | 4.2.0-2ubuntu1.1 |
| Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-6711-1?
USN-6711-1 is classified as a high severity vulnerability due to the potential for arbitrary code execution.
How do I fix USN-6711-1?
To fix USN-6711-1, update the crmsh package to version 4.2.0-2ubuntu1.1 or later.
What systems are affected by USN-6711-1?
USN-6711-1 affects Ubuntu 20.04 systems with an unpatched version of the crmsh package.
What exploit method is used in USN-6711-1?
USN-6711-1 can be exploited by local attackers using shell code injection via the crm history command line.
Who discovered the vulnerability noted in USN-6711-1?
The vulnerability in USN-6711-1 was discovered by Vincent Berg.
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/type
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/20.04