Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

The remote host is affected by the vulnerability described in GLSA-201806-07 (Transmission: Remote code execution)

    A vulnerability was discovered in how Transmission handles access       control through the X-Transmission-Session-Id.
  Impact :

    A remote attacker could execute arbitrary RFC commands or consequently       conduct a DNS rebinding attack.
  Workaround :

    There is no known workaround at this time.

Transmission relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. (CVE-2018-5702)

Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.

For Debian 7 'Wheezy', these problems have been fixed in version 2.52-3+nmu3.

We recommend that you upgrade your transmission packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2018-5702 (Mitigate dns rebinding attacks against daemon)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3533-1 advisory.

    It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and     allowed DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.

ID	Name	Product	Family	Severity
110616	GLSA-201806-07 : Transmission: Remote code execution	Nessus	Gentoo Local Security Checks	high
106695	Amazon Linux AMI : transmission (ALAS-2018-950)	Nessus	Amazon Linux Local Security Checks	high
106173	Debian DLA-1246-1 : transmission security update	Nessus	Debian Local Security Checks	high
106113	Fedora 27 : transmission (2018-d1e263e68e)	Nessus	Fedora Local Security Checks	high
106096	Ubuntu 14.04 LTS / 16.04 LTS : Transmission vulnerability (USN-3533-1)	Nessus	Ubuntu Local Security Checks	high
105802	Debian DSA-4087-1 : transmission - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2018-5702

high

Tenable Plugins

high

high

high

high

high

high