CVE-2017-8386

- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Vulnerable Configurations

Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 1 |
OS | | 1 |
OS | | 4 |
OS | | 3 |
Nessus
Oracle Linux 7 : git (ELSA-2017-2004)
- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2017-2004.NASL
- Plugin id: 102294 (published 2017-08-09, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/102294
- Description: From Red Hat Security Advisory 2017:2004: An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Fedora 24 : git (2017-01a7989fc0)
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2017-01A7989FC0.NASL
- Plugin id: 100485 (published 2017-05-30, modified 2017-05-30, last seen 2020-06-05)
- Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/100485
- Description: An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/): ... fix a recently disclosed problem with

SUSE SLES12 Security Update : git (SUSE-SU-2017:1357-1)
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2017-1357-1.NASL
- Plugin id: 100319 (published 2017-05-22, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/100319
- Description: This update for git fixes the following issues:
  - git 2.12.3:
    - CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395)
    - Fix for potential segv introduced in v2.11.0 and later
    - Misc fixes and cleanups.
  - git 2.12.2:
    - CLI output fixes

CentOS 7 : git (CESA-2017:2004)
- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2017-2004.NASL
- Plugin id: 102749 (published 2017-08-25, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/102749
- Description: An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Debian DSA-3848-1 : git - security update
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-3848.NASL
- Plugin id: 100111 (published 2017-05-11, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/100111
- Description: Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn

EulerOS Virtualization 2.5.1 : git (EulerOS-SA-2018-1377)
- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2018-1377.NASL
- Plugin id: 119068 (published 2018-11-21, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/119068
- Description: According to the versions of the git package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs

Scientific Linux Security Update : git on SL7.x x86_64 (20170801)
- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20170801_GIT_ON_SL7_X.NASL
- Plugin id: 102640 (published 2017-08-22, modified 2017-08-22, last seen 2020-05-15)
- Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/102640
- Description: Security Fix(es): It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)

Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : git vulnerability (USN-3287-1)
- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-3287-1.NASL
- Plugin id: 100218 (published 2017-05-16, modified 2020-06-02, last seen 2020-06-01)
- Reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/100218
- Description: Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Debian DLA-938-1 : git security update
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-938.NASL
- Plugin id: 100110 (published 2017-05-11, modified 2017-05-11, last seen 2020-03-17)
- Reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
- Source: https://www.tenable.com/plugins/nessus/100110
- Description: Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn

Amazon Linux AMI : git (ALAS-2017-842)
- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2017-842.NASL
- Plugin id: 100643 (published 2017-06-07, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
- Source: https://www.tenable.com/plugins/nessus/100643
- Description: Escape out of git-shell. A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)

Fedora 26 : git (2017-7ea0e02914)
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2017-7EA0E02914.NASL
- Plugin id: 101665 (published 2017-07-17, modified 2017-07-17, last seen 2020-06-05)
- Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/101665
- Description: An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/): ... fix a recently disclosed problem with

EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)
- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2017-1187.NASL
- Plugin id: 103025 (published 2017-09-08, modified 2017-09-08, last seen 2020-05-06)
- Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/103025
- Description: According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) A shell command injection flaw related to the handling of

Fedora 25 : git (2017-f4319b6dfc)
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2017-F4319B6DFC.NASL
- Plugin id: 100200 (published 2017-05-16, modified 2017-05-16, last seen 2020-06-05)
- Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/100200
- Description: An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/): ... fix a recently disclosed problem with

EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188)
- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2017-1188.NASL
- Plugin id: 103026 (published 2017-09-08, modified 2017-09-08, last seen 2020-05-06)
- Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/103026
- Description: According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) A shell command injection flaw related to the handling of

RHEL 7 : git (RHSA-2017:2004)
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2017-2004.NASL
- Plugin id: 102110 (published 2017-08-02, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/102110
- Description: An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

GLSA-201706-04 : Git: Security bypass
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201706-04.NASL
- Plugin id: 100647 (published 2017-06-07, modified 2020-06-02, last seen 2020-06-01)
- Reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
- Source: https://www.tenable.com/plugins/nessus/100647
- Description: The remote host is affected by the vulnerability described in GLSA-201706-04 (Git: Security bypass). Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact: A remote attacker could possibly bypass security restrictions and access sensitive information. Workaround: There is no known workaround at this time.

openSUSE Security Update : git (openSUSE-2017-624)
- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2017-624.NASL
- Plugin id: 100500 (published 2017-05-30, modified 2017-05-30, last seen 2020-06-05)
- Reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
- Source: https://www.tenable.com/plugins/nessus/100500
- Description: This update for git fixes the following issues:
  - git 2.12.3:
    - CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395)
    - Fix for potential segv introduced in v2.11.0 and later
    - Misc fixes and cleanups.
  - git 2.12.2:
    - CLI output fixes

SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2020-0992-1.NASL
- Plugin id: 135580 (published 2020-04-15, modified 2020-04-15, last seen 2020-04-30)
- Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- Source: https://www.tenable.com/plugins/nessus/135580
- Description: This update for git fixes the following issues. Security issue fixed: CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): the xinetd snippet was removed; the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0:
Seebug

bulletinFamily | exploit |
id | SSV:93096 |
last seen | 2017-11-19 |
modified | 2017-05-11 |
published | 2017-05-11 |
reporter | Anonymous |
title | Git Shell Bypass By Abusing Less (CVE-2017-8386) |

Description:

The git-shell is a restricted shell maintained by the git developers and is meant to be used as the upstream peer in a git remote session over an ssh tunnel. The basic idea behind this shell is to restrict the allowed commands in an ssh session to the ones required by git, which are as follows:

* git-receive-pack: Receives repository updates from the client.
* git-upload-pack: Pushes repository updates to the client.
* git-upload-archive: Pushes a repository archive to the client.

Besides those built-in commands, an administrator can also provide its own commands via shell scripts or other executable files. As those are typically completely custom, this post will concentrate on the built-in ones.

Note: This has nothing to do with the also recently fixed vulnerabilities in gitlab [1] [2].

If you are familiar with git, you'll maybe know that most of the servers encapsulate the git protocol inside additional protocols like SSH or HTTP/S [3]. That's because the git protocol itself, while being a simple text based protocol [4], does not provide any authentication or protection mechanisms for the transferred data. The most common choice for write access to a repository is SSH, as it provides multiple authentication mechanisms, stable encryption, low protocol overhead once established, and is widely approved. The downside of using SSH is that it was primarily designed to provide shell access to remote users ("Secure SHell"). Typically, one does not give that to git users. To restrict the connection to be used only for accessing repositories, one has to replace the original shell (typically bash or something similar) by another, more restrictive shell. Big hosting companies have often implemented their own version which mimics the commands listed above. But it is also possible to use the shell provided by the git developers, which restricts you to use only whitelisted commands and calls them accordingly.

The setup is fairly simple. The recommended way is to create a dedicated git user on your server and use the git-shell command as the login shell for that user [5]. Another option is to use so-called SSH forced commands, which allow you to decide on a per-client basis (depending on the key used during authentication), but more on this later.

If you've configured an ssh remote repository in your local repository, a git push essentially starts the following command (received data, sent data):

```
$ ssh git@remoteserver "git-receive-pack '/myrepository.git'"
008957d650a081a34bcbacdcdb5a94bddb506adfe8e0 refs/heads/develop report-status delete-refs side-band-64k quiet ofs-delta agent=git/2.1.4
003fbe8910f121957e3326c4fdd328ab9aabd05abdb5 refs/heads/master
00000000
```

This is what you see if both repositories have the same commits.

If you try to execute commands which are not in this whitelist (either the builtin commands listed above or inside of a git-shell-commands directory in the home directory) you'll get an error that this command is not recognized. Typical command injection attacks also do not work, as there is no interactive shell used. Instead, the command line is simply split by spaces (but respecting quotes) and used by execve. This convinced me to take a look at the protocol handling binaries themselves.

Additionally, I remembered that git has an inbuilt help command which opens the man page for the given command. Example:

```
$ git help init
GIT-INIT(1)                      Git Manual                      GIT-INIT(1)

NAME
       git-init - Create an empty Git repository or reinitialize an existing one
[...]
```

Some commands also have the neat feature to invoke this command by using the --help command line option:

```
$ git init --help
GIT-INIT(1)                      Git Manual                      GIT-INIT(1)

NAME
       git-init - Create an empty Git repository or reinitialize an existing one
[...]
```

This also applies to the commands git-receive-pack and git-upload-archive. If we try this on a server:

```
$ ssh git@remoteserver "git-receive-pack '--help'"
GIT-RECEIVE-PACK(1)              Git Manual              GIT-RECEIVE-PACK(1)

NAME
       git-receive-pack - Receive what is pushed into the repository
[...]
```

Neat! But how does this help us to bypass the restrictions? On most systems, if you open a man page (by the man command), the man specification is parsed, rendered to an ANSI output and piped into a pager (most of the time the less command). This allows you to scroll and search within the man page, independent of your terminal size and capabilities. Besides being a simple pager, less also has some additional interactive features. It allows you for example to open additional files (for reading), write the current output to a logfile and execute system commands in the current shell (!). To be able to use those features, it is required to run less in interactive mode. This mode is automatically enabled if a pty is available. This is typically the case if you simply connect to a SSH server, but is not the case if you directly run commands (as we are required to do in the default git-shell configuration (no custom commands)). Luckily we can force the ssh client to allocate a pty (if it is not disabled on the server side, which is most of the time not the case):

```
$ ssh -t git@remoteserver "git-receive-pack '--help'"
GIT-RECEIVE-PACK(1)              Git Manual              GIT-RECEIVE-PACK(1)

NAME
       git-receive-pack - Receive what is pushed into the repository
 Manual page git-receive-pack(1) line 1 (press h for help or q to quit)
```

Nice! We are now able to use all interactive features of less :-). In the recommended setup there is, however, one restriction. As I said before, the shell execution feature tries to execute commands in the current shell. This is the git-shell in our case, therefore we have the same restrictions here as we had with the commands specified over ssh. Nevertheless, we are able to read files, list directories (by (ab)using the tab completion) and write the currently shown output to a file (which might help us further if we are able to control a part of the output).

![](https://images.seebug.org/1494498830251-w331s)

But as you might remember from the beginning of the post, there is also a second method to use git-shell (although not that common, as far as I can tell). This could for example be used if you want to restrict only a subset of the users with access to your hosted repositories, or if you are not allowed to change the shell for your git user (e.g. in a managed environment without root access). This time, we leave the login shell as is (bash) and restrict the users by specifying the git-shell command in the .ssh/authorized_keys file. Example:

```
command="git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa AAAAB3NzaC1yc2EA[...]
```

This behaves exactly the same as if it was configured as the login shell, except that less is able to run commands in the login shell.

![](https://images.seebug.org/1494498860243-w331s)

But it has to be noted here that you are able to supply additional (optional) flags to the forced command which restrict the ssh features. The most notable flag is the no-pty flag [6]. This prevents clients from requesting a pty and therefore does not allow running less in an interactive mode.

I recommend updating to one of the fixed versions v2.4.12, v2.5.6, v2.6.7, v2.7.5, v2.8.5, v2.9.4, v2.10.3, v2.11.2, v2.12.3 or v2.13.0.

Best,
Timo @bluec0re

##### Timeline

* 2017-04-25 Reported to the git-security mailing list
* 2017-05-01 Assigned CVE-2017-8386
* 2017-05-10 Release of the fixed versions v2.4.12, v2.5.6, v2.6.7, v2.7.5, v2.8.5, v2.9.4, v2.10.3, v2.11.2, v2.12.3 and v2.13.0

##### References

* [1] https://about.gitlab.com/2017/04/05/gitlab-9-dot-0-dot-4-security-release/
* [2] https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/
* [3] https://git-scm.com/book/no-nb/v1/Git-on-the-Server-The-Protocols
* [4] https://github.com/git/git/blob/master/Documentation/technical/pack-protocol.txt
* [5] https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
* [6] http://man.openbsd.org/sshd#command="command"
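The write-up above identifies two controls: the git-shell fix that refuses a repository name beginning with a dash (so `git-receive-pack '--help'` never reaches the pager), and the `no-pty` option on forced-command `authorized_keys` entries. The following is an added example, not code from the write-up or from git itself; the function names are hypothetical, the `authorized_keys` sample is constructed, and the option-block regex is a heuristic that only recognises the common key-type prefixes.

```python
"""Defensive checks derived from the CVE-2017-8386 write-up (added example).

validate_git_shell_command() applies the post-fix git-shell rule: the single
repository argument of a whitelisted command may not begin with a dash.
audit_authorized_keys() flags forced-command entries that run git-shell
without 'no-pty', the option the write-up names as the pty-denying control.
"""
import re
import shlex

# The three commands git-shell runs on behalf of a client (from the write-up).
GIT_SHELL_COMMANDS = {"git-receive-pack", "git-upload-pack", "git-upload-archive"}


def validate_git_shell_command(cmdline):
    """Return (True, repo) for an acceptable request, else (False, reason).
    shlex.split() splits on whitespace while respecting quotes, which is how
    the write-up describes git-shell splitting the command line."""
    try:
        words = shlex.split(cmdline)
    except ValueError as exc:
        return False, "unbalanced quoting: %s" % exc
    if len(words) != 2:
        return False, "expected exactly one argument, got %d" % (len(words) - 1)
    command, repo = words
    if command not in GIT_SHELL_COMMANDS:
        return False, "unrecognized command: %s" % command
    # The fix for CVE-2017-8386: a repository name starting with '-' would be
    # taken as an option by the invoked command (e.g. --help opens the pager).
    if repo.startswith("-"):
        return False, "repository name may not start with '-': %s" % repo
    return True, repo


# Option block of an authorized_keys line: comma-separated options, some of
# them quoted with backslash escapes, followed by whitespace and a key type.
_OPTIONS_RE = re.compile(r'^((?:[^\s"]|"(?:[^"\\]|\\.)*")+)\s+(?:ssh-|ecdsa-|sk-)')


def _split_options(block):
    """Split an authorized_keys option string on commas outside quotes."""
    opts, cur, quoted, i = [], "", False, 0
    while i < len(block):
        ch = block[i]
        if ch == "\\" and quoted and i + 1 < len(block):
            cur += block[i:i + 2]          # keep the escaped character
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    if cur:
        opts.append(cur)
    return opts


def audit_authorized_keys(text):
    """Return [(line_number, reason)] for forced git-shell entries lacking
    'no-pty'. Keys without a git-shell forced command are ignored."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPTIONS_RE.match(line)
        if not m:
            continue                       # plain key, no option block
        options = _split_options(m.group(1))
        names = [o.split("=", 1)[0] for o in options]
        forced = [o for o in options if o.startswith('command="') and "git-shell" in o]
        if forced and "no-pty" not in names:
            findings.append((lineno, "git-shell forced command without no-pty"))
    return findings


# Constructed sample authorized_keys content; the key material is a placeholder.
SAMPLE_AUTHORIZED_KEYS = """\
# weak: the client may request a pty, so the pager becomes interactive
command="git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" ssh-rsa AAAAB3NzaC1yc2EAexample1 alice@example
# hardened: no-pty denies the pty request
no-pty,no-port-forwarding,command="git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" ssh-ed25519 AAAAC3example2 bob@example
"""
```

Running `audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS)` reports only the first entry, and `validate_git_shell_command("git-receive-pack '--help'")` is rejected while the ordinary push request from the write-up is accepted.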
References
- http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html
- http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/
- http://www.debian.org/security/2017/dsa-3848
- http://www.securityfocus.com/bid/98409
- http://www.securitytracker.com/id/1038479
- http://www.ubuntu.com/usn/USN-3287-1
- https://access.redhat.com/errata/RHSA-2017:2004
- https://access.redhat.com/errata/RHSA-2017:2491
- https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
- https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/
- https://security.gentoo.org/glsa/201706-04