Vulnerabilities > CVE-2017-1000117 - Open Redirect vulnerability in Git-Scm GIT
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fake the Source of Data An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
Exploit-Db
description | Git < 2.7.5 - Command Injection (Metasploit). CVE-2017-1000117. Remote exploit for Python platform. Tags: Metasploit Framework |
file | exploits/python/remote/42599.rb |
id | EDB-ID:42599 |
last seen | 2017-09-01 |
modified | 2017-08-31 |
platform | python |
port | |
published | 2017-08-31 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42599/ |
title | Git < 2.7.5 - Command Injection (Metasploit) |
type | remote |
Metasploit
description | This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised. |
id | MSF:EXPLOIT/MULTI/HTTP/GIT_SUBMODULE_COMMAND_EXEC |
last seen | 2020-05-31 |
modified | 2019-03-29 |
published | 2017-08-11 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/git_submodule_command_exec.rb |
title | Malicious Git HTTP Server For CVE-2017-1000117 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2674.NASL description An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Mobile Application Platform (RHMAP) 4.5 is delivered as a set of Docker-formatted container images. In addition to the images, several components are delivered as RPMs : * OpenShift templates used to deploy an RHMAP Core and MBaaS * The fh-system-dump-tool allows you to analyze all the projects running in an OpenShift cluster and reports any problems discovered. For more information, see the Operations Guide The following RPMs are included in the RHMAP container images, and are provided here only for completeness : * The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image. This release serves as an update for Red Hat Mobile Application Platform 4.4.3. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.5.0 Release Notes for information about the most significant bug fixes and enhancements included in this release. Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 103349 published 2017-09-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103349 title RHEL 7 : Mobile Application Platform (RHSA-2017:2674) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:2674. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(103349); script_version("3.11"); script_cvs_date("Date: 2019/10/24 15:35:43"); script_cve_id("CVE-2017-1000117", "CVE-2017-7552", "CVE-2017-7553", "CVE-2017-7554"); script_xref(name:"RHSA", value:"2017:2674"); script_name(english:"RHEL 7 : Mobile Application Platform (RHSA-2017:2674)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Mobile Application Platform (RHMAP) 4.5 is delivered as a set of Docker-formatted container images. In addition to the images, several components are delivered as RPMs : * OpenShift templates used to deploy an RHMAP Core and MBaaS * The fh-system-dump-tool allows you to analyze all the projects running in an OpenShift cluster and reports any problems discovered. For more information, see the Operations Guide The following RPMs are included in the RHMAP container images, and are provided here only for completeness : * The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image. This release serves as an update for Red Hat Mobile Application Platform 4.4.3. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.5.0 Release Notes for information about the most significant bug fixes and enhancements included in this release. Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) * A flaw was discovered in the file editor of millicore which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation. (CVE-2017-7552) * The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources and access restricted endpoints. (CVE-2017-7553) * A flaw was found where the App Studio component of RHMAP 4.4 executes JavaScript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. (CVE-2017-7554) Red Hat would like to thank Tomas Rzepka for reporting CVE-2017-7552, CVE-2017-7553 and CVE-2017-7554." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/documentation/en-US/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:2674" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-1000117" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-7552" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-7553" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-7554" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fh-system-dump-tool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fping"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fping-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-all"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-apt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-breeze"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-by_ssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-cluster"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dbi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dhcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dig"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-disk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-disk_smb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dns"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dummy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-file_age"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-flexlm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-fping"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-game"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-hpjd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-http"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-icmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ide_smart"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ifoperstatus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ifstatus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ircd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-load"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-log"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mailq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mrtg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mrtgtraf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-nagios"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-nt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ntp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ntp-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-nwstat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-oracle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-overcr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ping"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-procs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-radius"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-real"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-rpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-sensors"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-smtp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ssh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-swap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-tcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-time"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-uptime"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-users"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-wave"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-DES"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-DES-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Net-SNMP"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:phantomjs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:phantomjs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-meld3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-meld3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qstat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qstat-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redis"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redis-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhmap-fh-openshift-templates"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhmap-mod_authnz_external"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhmap-mod_authnz_external-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendEmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ssmtp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ssmtp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:supervisor"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:2674"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL7", rpm:"rhmap-fh-openshift-templates"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mobile Application Platform"); if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"fh-system-dump-tool-1.0.0-5.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"fping-3.10-4.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"fping-debuginfo-3.10-4.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-4.0.8-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-common-4.0.8-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-debuginfo-4.0.8-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-devel-4.0.8-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-all-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-apt-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-breeze-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-by_ssh-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-cluster-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dbi-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-debuginfo-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dhcp-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dig-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-disk-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-disk_smb-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dns-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dummy-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-file_age-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-flexlm-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-fping-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-game-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-hpjd-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-http-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-icmp-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ide_smart-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ifoperstatus-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ifstatus-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ircd-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ldap-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-load-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-log-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mailq-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mrtg-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mrtgtraf-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mysql-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-nagios-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-nt-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ntp-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ntp-perl-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-nwstat-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-oracle-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-overcr-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-perl-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-pgsql-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ping-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-procs-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-radius-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-real-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-rpc-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-sensors-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-smtp-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-snmp-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ssh-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-swap-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-tcp-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-time-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ups-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-uptime-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-users-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-wave-2.0.3-3.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"perl-Crypt-CBC-2.33-2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perl-Crypt-DES-2.05-20.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perl-Crypt-DES-debuginfo-2.05-20.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"perl-Net-SNMP-6.0.1-7.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"phantomjs-1.9.7-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"phantomjs-debuginfo-1.9.7-3.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-meld3-0.6.10-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-meld3-debuginfo-0.6.10-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qstat-2.11-13.20080912svn311.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qstat-debuginfo-2.11-13.20080912svn311.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-0.5.6-9.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-debuginfo-0.5.6-9.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-devel-0.5.6-9.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-utils-0.5.6-9.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redis-2.8.21-2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redis-debuginfo-2.8.21-2.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"rhmap-fh-openshift-templates-4.5.0-11.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rhmap-mod_authnz_external-3.3.1-7.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rhmap-mod_authnz_external-debuginfo-3.3.1-7.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"sendEmail-1.56-2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ssmtp-2.64-14.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ssmtp-debuginfo-2.64-14.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"supervisor-3.1.3-3.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fh-system-dump-tool / fping / fping-debuginfo / nagios / etc"); } }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1D33CDEE7F6B11E7A9B53DEBB10A6871.NASL description Mercurial Release Notes : CVE-2017-1000115 Mercurial last seen 2020-06-01 modified 2020-06-02 plugin id 102465 published 2017-08-14 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102465 title FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2019 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(102465); script_version("3.6"); script_cvs_date("Date: 2019/05/13 11:02:56"); script_cve_id("CVE-2017-1000115", "CVE-2017-1000116"); script_name(english:"FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Mercurial Release Notes : CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. CVE-2017-1000116 Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with -oProxyCommand. This is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so please patch those tools as well if you have them installed." ); # https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?425a5664" ); # https://vuxml.freebsd.org/freebsd/1d33cdee-7f6b-11e7-a9b5-3debb10a6871.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0f656efa" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mercurial"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/10"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"mercurial<4.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2017-8BA7572CFD.NASL description Resolve an arbitrary code execution vulnerability via crafted last seen 2020-06-05 modified 2017-08-14 plugin id 102458 published 2017-08-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102458 title Fedora 25 : git (2017-8ba7572cfd) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-8ba7572cfd. # include("compat.inc"); if (description) { script_id(102458); script_version("3.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-1000117"); script_xref(name:"FEDORA", value:"2017-8ba7572cfd"); script_name(english:"Fedora 25 : git (2017-8ba7572cfd)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL (CVE-2017-1000117). From the [release announcement](https://public-inbox.org/git/[email protected] v.corp.google.com/) : A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. Credits to find and fix the issue go to Brian Neel at GitLab, Joern Schneeweisz of Recurity Labs and Jeff King at GitHub. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8ba7572cfd" ); script_set_attribute(attribute:"solution", value:"Update the affected git package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC25", reference:"git-2.9.5-1.fc25")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-223-01.NASL description New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102432 published 2017-08-14 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102432 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2017-223-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2017-223-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(102432); script_version("3.5"); script_cvs_date("Date: 2019/04/10 16:10:18"); script_cve_id("CVE-2017-1000117"); script_xref(name:"SSA", value:"2017-223-01"); script_name(english:"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2017-223-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.575003 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d076e967" ); script_set_attribute(attribute:"solution", value:"Update the affected git package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:git"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"13.0", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.37", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++; if (slackware_check(osver:"14.0", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.2", pkgname:"git", pkgver:"2.14.1", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"git", pkgver:"2.14.1", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-2484.NASL description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102769 published 2017-08-25 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102769 title CentOS 7 : git (CESA-2017:2484) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:2484 and # CentOS Errata and Security Advisory 2017:2484 respectively. # include("compat.inc"); if (description) { script_id(102769); script_version("3.9"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2017-1000117"); script_xref(name:"RHSA", value:"2017:2484"); script_name(english:"CentOS 7 : git (CESA-2017:2484)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)" ); # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004660.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?661d5094" ); script_set_attribute(attribute:"solution", value:"Update the affected git packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1000117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git-el"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-all"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-bzr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-cvs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-email"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-hg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-p4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitweb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git-SVN"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-el-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-all-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-bzr-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-cvs-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-daemon-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-email-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-gui-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-hg-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-p4-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-svn-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitk-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitweb-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-1.8.3.1-12.el7_4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-SVN-1.8.3.1-12.el7_4")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1420.NASL description According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs last seen 2020-06-01 modified 2020-06-02 plugin id 124923 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124923 title EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124923); script_version("1.5"); script_cvs_date("Date: 2019/06/27 13:33:25"); script_cve_id( "CVE-2014-9938", "CVE-2015-7545", "CVE-2016-2315", "CVE-2016-2324", "CVE-2017-1000117", "CVE-2017-14867", "CVE-2018-11235", "CVE-2018-17456" ); script_name(english:"EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235) - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117) - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.(CVE-2017-14867) - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.(CVE-2014-9938) - An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.(CVE-2016-2324) - A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.(CVE-2015-7545) - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character.(CVE-2018-17456) - An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.(CVE-2016-2315) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1420 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8375b968"); script_set_attribute(attribute:"solution", value: "Update the affected git packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["git-1.8.3.1-20.h1", "perl-Git-1.8.3.1-20.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2320-1.NASL description This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102914 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102914 title SUSE SLES12 Security Update : git (SUSE-SU-2017:2320-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:2320-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(102914); script_version("3.8"); script_cvs_date("Date: 2019/09/11 11:22:16"); script_cve_id("CVE-2017-1000117"); script_name(english:"SUSE SLES12 Security Update : git (SUSE-SU-2017:2320-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052481" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1000117/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20172320-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?40ec5247" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE OpenStack Cloud 6:zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1429=1 SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1429=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1429=1 SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1429=1 SUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2017-1429=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1429=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1429=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1429=1 SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1429=1 SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2017-1429=1 SUSE Container as a Service Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2017-1429=1 OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1429=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"git-core-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"git-debugsource-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"git-core-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"git-debugsource-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"git-core-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"git-debugsource-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"git-core-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"git-debugsource-2.12.3-27.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-2485.NASL description An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102549 published 2017-08-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102549 title CentOS 6 : git (CESA-2017:2485) NASL family Windows NASL id GIT_FOR_WINDOWS_2_14_1.NASL description The version of Git for Windows installed on the remote host is version 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.6, 2.9.x prior to 2.9.5, 2.10.x prior to 2.10.4, 2.11.x prior to 2.11.13, 2.12.x prior to 2.12.4, 2.13.x prior to 2.13.5, or 2.14.x prior to 2.14.1. It is, therefore, affected by a command execution vulnerability due to a flaw in the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102494 published 2017-08-15 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102494 title Git for Windows 2.7.x < 2.7.6 / 2.8.x < 2.8.6 / 2.9.x < 2.9.5 / 2.10.x < 2.10.4 / 2.11.x < 2.11.13 / 2.12.x < 2.12.4 / 2.13.x < 2.13.5 / 2.14.x < 2.14.1 Malicious SSH URL Command Execution NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3934.NASL description Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. last seen 2020-06-01 modified 2020-06-02 plugin id 102374 published 2017-08-11 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102374 title Debian DSA-3934-1 : git - security update NASL family Scientific Linux Local Security Checks NASL id SL_20170817_GIT_ON_SL6_X.NASL description Security Fix(es) : - A shell command injection flaw related to the handling of last seen 2020-05-15 modified 2017-08-18 plugin id 102576 published 2017-08-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102576 title Scientific Linux Security Update : git on SL6.x i386/x86_64 (20170817) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2485.NASL description An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102538 published 2017-08-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102538 title RHEL 6 : git (RHSA-2017:2485) NASL family Scientific Linux Local Security Checks NASL id SL_20170817_GIT_ON_SL7_X.NASL description Security Fix(es) : - A shell command injection flaw related to the handling of last seen 2020-05-15 modified 2017-08-22 plugin id 102674 published 2017-08-22 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102674 title Scientific Linux Security Update : git on SL7.x x86_64 (20170817) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-882.NASL description Command injection via malicious ssh URLs : A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102870 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102870 title Amazon Linux AMI : git (ALAS-2017-882) NASL family MacOS X Local Security Checks NASL id MACOSX_XCODE_9.NASL description The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 9.0. It is, therefore, affected by multiple remote code execution vulnerabilities in the git, Id64, and subversion components. An unauthenticated, remote attacker can exploit these vulnerabilities to cause execution of arbitrary code. last seen 2020-05-06 modified 2017-09-20 plugin id 103359 published 2017-09-20 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103359 title Apple Xcode < 9.0 Multiple RCE (macOS) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1187.NASL description According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of last seen 2020-05-06 modified 2017-09-08 plugin id 103025 published 2017-09-08 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103025 title EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201709-10.NASL description The remote host is affected by the vulnerability described in GLSA-201709-10 (Git: Command injection) Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the client’s system. This is especially dangerous when the third-party repository has one or more submodules with specially crafted ‘ssh://...’ URLs. Each time the repository is recursively cloned or submodules are updated the payload will be triggered. Impact : A remote attacker, by enticing a user to clone a specially crafted repository, could possibly execute arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 103278 published 2017-09-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103278 title GLSA-201709-10 : Git: Command injection NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2484.NASL description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102537 published 2017-08-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102537 title RHEL 7 : git (RHSA-2017:2484) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1072.NASL description Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115 Mercurial last seen 2020-03-17 modified 2017-09-01 plugin id 102886 published 2017-09-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102886 title Debian DLA-1072-1 : mercurial security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1495.NASL description The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data exfiltration. CVE-2017-12976 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. CVE-2018-10857 git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN. CVE-2018-10859 git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user last seen 2020-06-01 modified 2020-06-02 plugin id 117296 published 2018-09-06 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117296 title Debian DLA-1495-1 : git-annex security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1188.NASL description According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of last seen 2020-05-06 modified 2017-09-08 plugin id 103026 published 2017-09-08 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103026 title EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0120_GIT.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability: - A shell command injection flaw related to the handling of ssh URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a clone action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127364 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127364 title NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2019-0120) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-939.NASL description This update for git fixes the following security issues : - CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted last seen 2020-06-05 modified 2017-08-18 plugin id 102558 published 2017-08-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102558 title openSUSE Security Update : git (openSUSE-2017-939) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1144.NASL description git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. For Debian 7 last seen 2020-03-17 modified 2017-10-30 plugin id 104219 published 2017-10-30 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104219 title Debian DLA-1144-1 : git-annex security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-2485.NASL description From Red Hat Security Advisory 2017:2485 : An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102569 published 2017-08-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102569 title Oracle Linux 6 : git (ELSA-2017-2485) NASL family Fedora Local Security Checks NASL id FEDORA_2017-B1B3AE6666.NASL description Resolve an arbitrary code execution vulnerability via crafted last seen 2020-06-05 modified 2017-08-14 plugin id 102461 published 2017-08-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102461 title Fedora 26 : git (2017-b1b3ae6666) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-988.NASL description This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-09-05 plugin id 102943 published 2017-09-05 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102943 title openSUSE Security Update : git (openSUSE-2017-988) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-2485.NASL description An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 119223 published 2018-11-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119223 title Virtuozzo 6 : emacs-git / emacs-git-el / git / git-all / git-cvs / etc (VZLSA-2017-2485) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1385.NASL description According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs last seen 2020-06-01 modified 2020-06-02 plugin id 124888 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124888 title EulerOS Virtualization for ARM 64 3.0.1.0 : git (EulerOS-SA-2019-1385) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-2484.NASL description From Red Hat Security Advisory 2017:2484 : An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of last seen 2020-06-01 modified 2020-06-02 plugin id 102534 published 2017-08-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102534 title Oracle Linux 7 : git (ELSA-2017-2484) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3387-1.NASL description Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in last seen 2020-06-01 modified 2020-06-02 plugin id 102423 published 2017-08-11 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102423 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : git vulnerability (USN-3387-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0992-1.NASL description This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed : git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): the xinetd snippet was removed the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: last seen 2020-04-30 modified 2020-04-15 plugin id 135580 published 2020-04-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135580 title SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1068.NASL description Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. For Debian 7 last seen 2020-03-17 modified 2017-08-28 plugin id 102788 published 2017-08-28 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102788 title Debian DLA-1068-1 : git security update
Packetstorm
data source | https://packetstormsecurity.com/files/download/143965/git_submodule_command_exec.rb.txt |
id | PACKETSTORM:143965 |
last seen | 2017-09-01 |
published | 2017-08-30 |
reporter | metasploit.com |
source | https://packetstormsecurity.com/files/143965/Malicious-GIT-HTTP-Server.html |
title | Malicious GIT HTTP Server |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.debian.org/security/2017/dsa-3934
- http://www.debian.org/security/2017/dsa-3934
- http://www.securityfocus.com/bid/100283
- http://www.securityfocus.com/bid/100283
- http://www.securitytracker.com/id/1039131
- http://www.securitytracker.com/id/1039131
- https://access.redhat.com/errata/RHSA-2017:2484
- https://access.redhat.com/errata/RHSA-2017:2484
- https://access.redhat.com/errata/RHSA-2017:2485
- https://access.redhat.com/errata/RHSA-2017:2485
- https://access.redhat.com/errata/RHSA-2017:2491
- https://access.redhat.com/errata/RHSA-2017:2491
- https://access.redhat.com/errata/RHSA-2017:2674
- https://access.redhat.com/errata/RHSA-2017:2674
- https://access.redhat.com/errata/RHSA-2017:2675
- https://access.redhat.com/errata/RHSA-2017:2675
- https://security.gentoo.org/glsa/201709-10
- https://security.gentoo.org/glsa/201709-10
- https://support.apple.com/HT208103
- https://support.apple.com/HT208103
- https://www.exploit-db.com/exploits/42599/
- https://www.exploit-db.com/exploits/42599/
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html