CVE-2018-17456 - Argument Injection or Modification vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Try All Common Application Switches and Options: An attacker attempts to invoke all common switches and options in the target application for the purpose of discovering weaknesses in the target. For example, in some applications, adding a --debug switch causes debugging information to be displayed, which can sometimes reveal sensitive processing or configuration information to an attacker. This attack differs from other forms of API abuse in that the attacker is blindly attempting to invoke options in the hope that one of them will work rather than specifically targeting a known option. Nonetheless, even if the attacker is familiar with the published options of a targeted application, this attack method may still be fruitful as it might discover unpublicized functionality.
- Using Meta-characters in E-mail Headers to Inject Malicious Payloads: This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web, making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug-in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default; however, the email header contains valuable attack vectors for the attacker to exploit, particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user's system.
- HTTP Parameter Pollution (HPP): An attacker overrides or adds HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP parameters, modify the application behaviors, access and potentially exploit uncontrollable variables, and bypass input validation checkpoints and WAF rules.
- OS Command Injection: In this type of attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
Exploit-Db
description | Git Submodule - Arbitrary Code Execution. CVE-2018-17456. Local exploit for Linux platform |
file | exploits/linux/local/45631.md |
id | EDB-ID:45631 |
last seen | 2018-11-27 |
modified | 2018-10-16 |
platform | linux |
port | |
published | 2018-10-16 |
reporter | Exploit-DB |
source | https://old.exploit-db.com/download/45631/ |
title | Git Submodule - Arbitrary Code Execution |
type | local |

description | Git Submodule - Arbitrary Code Execution. CVE-2018-17456. Local exploit for Linux platform |
file | exploits/linux/local/45548.txt |
id | EDB-ID:45548 |
last seen | 2018-10-08 |
modified | 2018-10-05 |
platform | linux |
port | |
published | 2018-10-05 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45548/ |
title | Git Submodule - Arbitrary Code Execution |
type | local |
Metasploit
description | This module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule URL which starts with a dash, e.g. "-u./payload", is passed as an argument to git clone, the file "payload" inside the repository is executed. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised (e.g. git clone --recurse-submodules URL). |
id | MSF:EXPLOIT/MULTI/HTTP/GIT_SUBMODULE_URL_EXEC |
last seen | 2020-06-14 |
modified | 2019-03-29 |
published | 2018-10-18 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/git_submodule_url_exec.rb |
title | Malicious Git HTTP Server For CVE-2018-17456 |
Nessus
NASL family | NewStart CGSL Local Security Checks |
NASL id | NEWSTART_CGSL_NS-SA-2020-0023_GIT.NASL |
description | The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability: - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive git clone of a superproject if a .gitmodules file has a URL field beginning with a |
last seen | 2020-05-15 |
modified | 2020-03-08 |
plugin id | 134311 |
published | 2020-03-08 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134311 |
title | NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2020-0023) |
code

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2020-0023. The text
# itself is copyright (C) ZTE, Inc.

include('compat.inc');

if (description)
{
  script_id(134311);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/10");

  script_cve_id("CVE-2018-17456");
  script_bugtraq_id(105523, 107511);

  script_name(english:"NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2020-0023)");

  script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability:

  - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive git clone of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (CVE-2018-17456)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2020-0023");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. Please contact ZTE for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17456");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (release !~ "CGSL MAIN 4.05")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

pkgs = {
  "CGSL MAIN 4.05": [
    "emacs-git-1.7.1-10.el6_10",
    "emacs-git-el-1.7.1-10.el6_10",
    "git-1.7.1-10.el6_10",
    "git-all-1.7.1-10.el6_10",
    "git-cvs-1.7.1-10.el6_10",
    "git-daemon-1.7.1-10.el6_10",
    "git-debuginfo-1.7.1-10.el6_10",
    "git-email-1.7.1-10.el6_10",
    "git-gui-1.7.1-10.el6_10",
    "git-svn-1.7.1-10.el6_10",
    "gitk-1.7.1-10.el6_10",
    "gitweb-1.7.1-10.el6_10",
    "perl-Git-1.7.1-10.el6_10"
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}
```
NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20181031_GIT_ON_SL7_X.NASL |
description | Security Fix(es) : - git: arbitrary code execution via .gitmodules (CVE-2018-17456) |
last seen | 2020-05-15 |
modified | 2018-11-27 |
plugin id | 119206 |
published | 2018-11-27 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119206 |
title | Scientific Linux Security Update : git on SL7.x x86_64 (20181031) |
code

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(119206);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2018-17456");

  script_name(english:"Scientific Linux Security Update : git on SL7.x x86_64 (20181031)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security Fix(es) :

  - git: arbitrary code execution via .gitmodules (CVE-2018-17456)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=2771
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?14c744ea"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:emacs-git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:emacs-git-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-bzr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-gnome-keyring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-hg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-instaweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-p4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gitweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perl-Git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL7", reference:"emacs-git-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"emacs-git-el-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"git-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-all-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-bzr-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-cvs-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"git-daemon-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"git-debuginfo-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-email-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"git-gnome-keyring-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-gui-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-hg-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-instaweb-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"git-p4-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"git-svn-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"gitk-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"gitweb-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"perl-Git-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"SL7", reference:"perl-Git-SVN-1.8.3.1-20.el7")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc");
}
```
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2018-D5139C4FD6.NASL |
description | Upstream security update resolving an issue with `git clone --recurse-submodules`. From the [upstream release announcement](https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct .c.googlers.com/) : > These releases fix a security flaw (CVE-2018-17456), which allowed an > attacker to execute arbitrary code by crafting a malicious .gitmodules > file in a project cloned with --recurse-submodules. > > When running |
last seen | 2020-06-05 |
modified | 2018-10-22 |
plugin id | 118244 |
published | 2018-10-22 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118244 |
title | Fedora 27 : git (2018-d5139c4fd6) |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-d5139c4fd6.
#

include("compat.inc");

if (description)
{
  script_id(118244);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-17456");
  script_xref(name:"FEDORA", value:"2018-d5139c4fd6");

  script_name(english:"Fedora 27 : git (2018-d5139c4fd6)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Upstream security update resolving an issue with `git clone --recurse-submodules`.

From the [upstream release announcement](https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct
.c.googlers.com/) :

> These releases fix a security flaw (CVE-2018-17456), which allowed an
> attacker to execute arbitrary code by crafting a malicious .gitmodules
> file in a project cloned with --recurse-submodules.
>
> When running 'git clone --recurse-submodules', Git parses the supplied
> .gitmodules file for a URL field and blindly passes it as an argument
> to a 'git clone' subprocess. If the URL field is set to a string that
> begins with a dash, this 'git clone' subprocess interprets the URL as
> an option. This can lead to executing an arbitrary script shipped in
> the superproject as the user who ran 'git clone'.
>
> In addition to fixing the security issue for the user running 'clone',
> the 2.17.2, 2.18.1 and 2.19.1 releases have an 'fsck' check which can
> be used to detect such malicious repository content when fetching or
> accepting a push. See 'transfer.fsckObjects' in git-config(1).
>
> Credit for finding and fixing this vulnerability goes to joernchen
> and Jeff King, respectively.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d5139c4fd6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected git package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC27", reference:"git-2.14.5-1.fc27")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}
```
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2018-3408.NASL |
description | An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution via .gitmodules (CVE-2018-17456) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 119046 |
published | 2018-11-21 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119046 |
title | CentOS 7 : git (CESA-2018:3408) |
code

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:3408 and
# CentOS Errata and Security Advisory 2018:3408 respectively.
#

include("compat.inc");

if (description)
{
  script_id(119046);
  script_version("1.6");
  script_cvs_date("Date: 2019/12/31");

  script_cve_id("CVE-2018-17456");
  script_xref(name:"RHSA", value:"2018:3408");

  script_name(english:"CentOS 7 : git (CESA-2018:3408)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for git is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es) :

* git: arbitrary code execution via .gitmodules (CVE-2018-17456)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section."
  );
  # https://lists.centos.org/pipermail/centos-announce/2018-December/023102.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?908b53b3"
  );
  # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005748.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?39b5ff45"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17456");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-bzr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-gnome-keyring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-hg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-instaweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-p4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git-SVN");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-el-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-all-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-bzr-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-cvs-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-daemon-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-email-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-gnome-keyring-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-gui-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-hg-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-instaweb-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-p4-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-svn-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitk-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitweb-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-1.8.3.1-20.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-SVN-1.8.3.1-20.el7")) flag++;

if (flag)
{
  cr_plugin_caveat = '\n' +
    'NOTE: The security advisory associated with this vulnerability has a\n' +
    'fixed package version that may only be available in the continuous\n' +
    'release (CR) repository for CentOS, until it is present in the next\n' +
    'point release of CentOS.\n\n' +
    'If an equal or higher package level does not exist in the baseline\n' +
    'repository for your major version of CentOS, then updates from the CR\n' +
    'repository will need to be applied in order to address the\n' +
    'vulnerability.\n';
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get() + cr_plugin_caveat
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc");
}
```
NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2020-0316.NASL
description An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution via .gitmodules (CVE-2018-17456) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen 2020-06-01
modified 2020-06-02
plugin id 133442
published 2020-02-04
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133442
title CentOS 6 : git (CESA-2020:0316)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:0316 and
# CentOS Errata and Security Advisory 2020:0316 respectively.
#

include("compat.inc");

if (description)
{
  script_id(133442);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/06");

  script_cve_id("CVE-2018-17456");
  script_xref(name:"RHSA", value:"2020:0316");

  script_name(english:"CentOS 6 : git (CESA-2020:0316)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for git is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es) :

* git: arbitrary code execution via .gitmodules (CVE-2018-17456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."
  );
  # https://lists.centos.org/pipermail/centos-announce/2020-February/035619.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?04255ca0"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17456");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-6", reference:"emacs-git-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"emacs-git-el-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"git-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"git-all-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"git-cvs-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"git-daemon-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"git-email-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"git-gui-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"git-svn-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"gitk-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"gitweb-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"CentOS-6", reference:"perl-Git-1.7.1-10.el6_10")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-cvs / git-daemon / etc");
}

NASL family Amazon Linux Local Security Checks
NASL id AL2_ALAS-2018-1093.NASL
description Git before 2.14.5, allows remote code execution during processing of a recursive
last seen 2020-06-01
modified 2020-06-02
plugin id 118400
published 2018-10-26
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/118400
title Amazon Linux 2 : git (ALAS-2018-1093)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1093.
#

include("compat.inc");

if (description)
{
  script_id(118400);
  script_version("1.4");
  script_cvs_date("Date: 2019/04/05 23:25:05");

  script_cve_id("CVE-2018-17456");
  script_xref(name:"ALAS", value:"2018-1093");

  script_name(english:"Amazon Linux 2 : git (ALAS-2018-1093)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux 2 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Git before 2.14.5, allows remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character.(CVE-2018-17456)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1093.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update git' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-core-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-gnome-keyring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-p4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git-SVN");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"AL2", reference:"git-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-all-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-core-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-core-doc-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-cvs-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-daemon-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-debuginfo-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-email-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-gnome-keyring-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-gui-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-p4-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"git-svn-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"gitk-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"gitweb-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"perl-Git-2.14.5-1.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"perl-Git-SVN-2.14.5-1.amzn2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-all / git-core / git-core-doc / git-cvs / git-daemon / etc");
}

NASL family Fedora Local Security Checks
NASL id FEDORA_2018-7D993184F6.NASL
description Update to 0.26.7 (CVE-2018-17456) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2018-10-15
plugin id 118103
published 2018-10-15
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/118103
title Fedora 27 : libgit2 (2018-7d993184f6)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-7d993184f6.
#

include("compat.inc");

if (description)
{
  script_id(118103);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-17456");
  script_xref(name:"FEDORA", value:"2018-7d993184f6");

  script_name(english:"Fedora 27 : libgit2 (2018-7d993184f6)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Update to 0.26.7 (CVE-2018-17456)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d993184f6"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libgit2 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libgit2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC27", reference:"libgit2-0.26.7-1.fc27")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgit2");
}

NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-1121-1.NASL description This update for git fixes the following issues : Security issues fixed : CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker last seen 2020-05-06 modified 2020-04-29 plugin id 136074 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136074 title SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:1121-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(136074); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id("CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260"); script_name(english:"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." 
); script_set_attribute( attribute:"description", value: "This update for git fixes the following issues : Security issues fixed : CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930 git 2.26.0 (bsc#1167890, jsc#SLE-11608) : 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' Improved handling of sparse checkouts Improvements to many commands and internal features git 2.25.2 : bug fixes to various subcommands in specific operations git 2.25.1 : 'git commit' now honors advise.statusHints various updates, bug fixes and documentation updates git 2.25.0 The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. Test updates to prepare for SHA-2 transition continues. Redo 'git name-rev' to avoid recursive calls. When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. HTTP transport had possible allocator/deallocator mismatch, which has been corrected. 
git 2.24.1 : CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) git 2.24.0 The command line parser learned '--end-of-options' notation. A mechanism to affect the default setting for a (related) group of configuration variables is introduced. 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. 
fixes and improvements to UI, workflow and features, bash completion fixes git 2.23.0 : The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. The 'git log' command by default behaves as if the --mailmap option was given. fixes and improvements to UI, workflow and features git 2.22.1 A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. </repo></path> 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. Update to Unicode 12.1 width table. 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. </hex></hex> 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. Many more bugfixes and code cleanups. removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld. 
partial fix for git instaweb giving 500 error (bsc#1112230) git 2.22.0 The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option </blob></path> 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. 'git branch' learned a new subcommand '--show-current'. The command line completion (in contrib/) has been taught to complete more subcommand parameters. The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format. update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0 Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. 
This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. Small fixes and features for fast-export and fast-import. The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. Update 'git multimail' from the upstream. A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. Fix worktree creation race (bsc#1114225). add shadow build dependency to the -daemon subpackage. git 2.20.1 : portability fixes 'git help -a' did not work well when an overly long alias was defined no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). Developer builds now use -Wunused-function compilation option. Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). 
Also, as a convenience, expand the number of cases in which --force is applicable. The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. ...and much more features and fixes git 2.19.2 : various bug fixes for multiple subcommands and operations git 2.19.1 : CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0 : 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. The userdiff pattern for .php has been updated. 
The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). 'git grep' learned the '--only-matching' option. 'git rebase --rebase-merges' mode now handles octopus merges as well. Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. Many more strings are prepared for l10n. 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. 
'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0 : improvements to rename detection logic When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. 'git mergetools' learned talking to guiffy. various other workflow improvements and fixes performance improvements and other developer visible fixes git 2.17.1 Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0 : 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. 
The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. 'git rebase' learned to take '--allow-empty-message' option. 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. 
'git diff' and friends learned funcname patterns for Go language source files. 'git send-email' learned '--reply-to=<address>' option. Funcname pattern used for C# now recognizes 'async' keyword. In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1063412" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095218" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095219" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110949" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112230" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1114225" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132350" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1156651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158788" ); script_set_attribute( attribute:"see_also", 
value:"https://bugzilla.suse.com/show_bug.cgi?id=1158789" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158790" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158791" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158792" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158793" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1158795" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1167890" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1168930" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1169605" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1169786" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1169936" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15298/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-11233/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-11235/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-17456/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1348/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1349/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1350/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1351/" ); script_set_attribute( attribute:"see_also", 
value:"https://www.suse.com/security/cve/CVE-2019-1352/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1353/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1354/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-1387/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19604/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-11008/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-5260/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?47879213" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. 
Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 : zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1121=1 SUSE Linux Enterprise Module for Development Tools 15-SP1 : zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1121=1 SUSE Linux Enterprise Module for Basesystem 15-SP1 : zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1121=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-arch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo"); 
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-cvs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-email"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-p4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-web"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gitk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/14"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! 
preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-p4-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-arch-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-cvs-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-email-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-gui-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-web-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"gitk-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", 
reference:"git-core-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-p4-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-arch-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-cvs-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-email-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-gui-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-debuginfo-2.26.1-3.25.2")) flag++; if 
(rpm_check(release:"SLED15", sp:"1", reference:"git-web-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"gitk-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-06090DFF59.NASL description Upstream security update resolving an issue with `git clone --recurse-submodules`. From the [upstream release announcement](https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/) : > These releases fix a security flaw (CVE-2018-17456), which allowed an > attacker to execute arbitrary code by crafting a malicious .gitmodules > file in a project cloned with --recurse-submodules. > > When running last seen 2020-06-05 modified 2019-01-03 plugin id 120213 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120213 title Fedora 29 : git (2018-06090dff59) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-06090dff59. # include("compat.inc"); if (description) { script_id(120213); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-17456"); script_xref(name:"FEDORA", value:"2018-06090dff59"); script_name(english:"Fedora 29 : git (2018-06090dff59)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Upstream security update resolving an issue with `git clone --recurse-submodules`. From the [upstream release announcement](https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/) : > These releases fix a security flaw (CVE-2018-17456), which allowed an > attacker to execute arbitrary code by crafting a malicious .gitmodules > file in a project cloned with --recurse-submodules. 
> > When running 'git clone --recurse-submodules', Git parses the supplied > .gitmodules file for a URL field and blindly passes it as an argument > to a 'git clone' subprocess. If the URL field is set to a string that > begins with a dash, this 'git clone' subprocess interprets the URL as > an option. This can lead to executing an arbitrary script shipped in > the superproject as the user who ran 'git clone'. > > In addition to fixing the security issue for the user running 'clone', > the 2.17.2, 2.18.1 and 2.19.1 releases have an 'fsck' check which can > be used to detect such malicious repository content when fetching or > accepting a push. See 'transfer.fsckObjects' in git-config(1). > > Credit for finding and fixing this vulnerability goes to joernchen > and Jeff King, respectively. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." 
); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-06090dff59" ); script_set_attribute(attribute:"solution", value:"Update the affected git package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"git-2.19.1-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3791-1.NASL description It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118083 published 2018-10-12 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118083 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : git vulnerability (USN-3791-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3791-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(118083); script_version("1.5"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2018-17456"); script_xref(name:"USN", value:"3791-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : git vulnerability (USN-3791-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used. 
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3791-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected git package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"git", pkgver:"1:1.9.1-1ubuntu0.9")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"git", pkgver:"1:2.7.4-0ubuntu1.5")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"git", pkgver:"1:2.17.1-1ubuntu0.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-598.NASL description This update for git fixes the following issues : Security issues fixed : - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker last seen 2020-05-08 modified 2020-05-04 plugin id 136311 published 2020-05-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136311 title openSUSE Security Update : git (openSUSE-2020-598) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2020-598. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(136311); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id("CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260"); script_name(english:"openSUSE Security Update : git (openSUSE-2020-598)"); script_summary(english:"Check for the openSUSE-2020-598 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." 
); script_set_attribute( attribute:"description", value: "This update for git fixes the following issues : Security issues fixed : - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930 git 2.26.0 (bsc#1167890, jsc#SLE-11608) : - 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' - Improved handling of sparse checkouts - Improvements to many commands and internal features git 2.25.2 : - bug fixes to various subcommands in specific operations git 2.25.1 : - 'git commit' now honors advise.statusHints - various updates, bug fixes and documentation updates git 2.25.0 - The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. - A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. - Test updates to prepare for SHA-2 transition continues. - Redo 'git name-rev' to avoid recursive calls. - When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. - HTTP transport had possible allocator/deallocator mismatch, which has been corrected. 
git 2.24.1 : - CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) - CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) - CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) - CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) - CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) - CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) - CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) - CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) - CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) git 2.24.0 - The command line parser learned '--end-of-options' notation. - A mechanism to affect the default setting for a (related) group of configuration variables is introduced. - 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. 
- fixes and improvements to UI, workflow and features, bash completion fixes git 2.23.0 : - The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. - The 'git log' command by default behaves as if the --mailmap option was given. - fixes and improvements to UI, workflow and features git 2.22.1 - A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. - 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. - 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. - 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. - Update to Unicode 12.1 width table. - 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. - 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. - The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. - 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. - 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. - Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld. 
- partial fix for git instaweb giving 500 error (bsc#1112230) git 2.22.0 - The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option - 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. - Four new configuration variables (author,committer).(name,email) have been introduced to override user.(name,email) in more specific cases. - 'git branch' learned a new subcommand '--show-current'. - The command line completion (in contrib/) has been taught to complete more subcommand parameters. - The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. - The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. - 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. - 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0 - Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. 
This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. - Small fixes and features for fast-export and fast-import. - The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. - 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. - Update 'git multimail' from the upstream. - A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). - add shadow build dependency to the -daemon subpackage. git 2.20.1 : - portability fixes - 'git help -a' did not work well when an overly long alias was defined - no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0 - 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. - 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. - 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). - Developer builds now use -Wunused-function compilation option. - Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). 
Also, as a convenience, expand the number of cases in which --force is applicable. - The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. - Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. - Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. - 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. - ...and much more features and fixes git 2.19.2 : - various bug fixes for multiple subcommands and operations git 2.19.1 : - CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0 : - 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. - 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. - 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. - The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. - The userdiff pattern for .php has been updated. 
- The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. - 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). - 'git grep' learned the '--only-matching' option. - 'git rebase --rebase-merges' mode now handles octopus merges as well. - Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). - A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. - Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. - Many more strings are prepared for l10n. - 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. 
- The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. - 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. - 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. - 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. - The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. - 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. - 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0 : - improvements to rename detection logic - When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. - 'git mergetools' learned talking to guiffy. - various other workflow improvements and fixes - performance improvements and other developer visible fixes git 2.17.1 - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) - Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. 
git 2.17.0 : - 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. - 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. - The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. - 'git rebase' learned to take '--allow-empty-message' option. - 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. - 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. - 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. - 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. - The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. - 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). - Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. 
Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. - 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. - 'git diff' and friends learned funcname patterns for Go language source files. - 'git send-email' learned '--reply-to=<address>' option. - Funcname pattern used for C# now recognizes 'async' keyword. - In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063412");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095218");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110949");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112230");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114225");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132350");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156651");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158785");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158787");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158788");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158789");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158790");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158791");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158792");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158793");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158795");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1167890");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1168930");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169605");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169786");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169936");
  script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-arch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-p4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-web");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gitk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"git-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-arch-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-core-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-core-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-cvs-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-debugsource-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-email-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-gui-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-p4-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-svn-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-svn-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"git-web-2.26.1-lp151.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"gitk-2.26.1-lp151.4.9.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-arch / git-core / git-core-debuginfo / etc");
}
NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2020-0316.NASL
description From Red Hat Security Advisory 2020:0316 :
An update for git is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es) :
* git: arbitrary code execution via .gitmodules (CVE-2018-17456)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen 2020-06-01
modified 2020-06-02
plugin id 133444
published 2020-02-04
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/133444
title Oracle Linux 6 : git (ELSA-2020-0316)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:0316 and
# Oracle Linux Security Advisory ELSA-2020-0316 respectively.
#

include("compat.inc");

if (description)
{
  script_id(133444);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/06");

  script_cve_id("CVE-2018-17456");
  script_xref(name:"RHSA", value:"2020:0316");

  script_name(english:"Oracle Linux 6 : git (ELSA-2020-0316)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2020:0316 :

An update for git is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Git is a distributed revision control system with a decentralized
architecture. As opposed to centralized version control systems with a
client-server model, Git ensures that each working copy of a Git
repository is an exact copy with complete revision history. This not
only allows the user to work on and contribute to projects without the
need to have permission to push the changes to their official
repositories, but also makes it possible for the user to work with no
network connection.

Security Fix(es) :

* git: arbitrary code execution via .gitmodules (CVE-2018-17456)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2020-February/009572.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:emacs-git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:emacs-git-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:git-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gitweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"emacs-git-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"emacs-git-el-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"git-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"git-all-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"git-cvs-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"git-daemon-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"git-email-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"git-gui-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"git-svn-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"gitk-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"gitweb-1.7.1-10.el6_10")) flag++;
if (rpm_check(release:"EL6", reference:"perl-Git-1.7.1-10.el6_10")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-cvs / git-daemon / etc");
}
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4311.NASL
description: joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117957
published: 2018-10-09
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117957
title: Debian DSA-4311-1 : git - security update

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1420.NASL
description: According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124923
published: 2019-05-14
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124923
title: EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-3150-1.NASL
description: This update for git fixes the following issues : CVE-2018-17456: Git allowed remote code execution during processing of a recursive
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 120129
published: 2019-01-02
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120129
title: SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:3150-1)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2019-2_0-0185_GIT.NASL
description: An update of the git package has been released.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 131125
published: 2019-11-18
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131125
title: Photon OS 2.0: Git PHSA-2019-2.0-0185

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-986.NASL
description: This update for libgit2 fixes the following issues : Security issue fixed : - CVE-2018-17456: Submodule URLs and paths with a leading
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123403
published: 2019-03-27
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123403
title: openSUSE Security Update : libgit2 (openSUSE-2019-986)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-1517.NASL
description: This update for libgit2 fixes the following issues : Security issue fixed : - CVE-2018-17456: Submodule URLs and paths with a leading
last seen: 2020-06-05
modified: 2018-12-10
plugin id: 119546
published: 2018-12-10
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119546
title: openSUSE Security Update : libgit2 (openSUSE-2018-1517)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2018-3408.NASL
description: An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution via .gitmodules (CVE-2018-17456) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118555
published: 2018-10-31
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118555
title: RHEL 7 : git (RHSA-2018:3408)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2018-3408.NASL
description: From Red Hat Security Advisory 2018:3408 : An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution via .gitmodules (CVE-2018-17456) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118859
published: 2018-11-11
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118859
title: Oracle Linux 7 : git (ELSA-2018-3408)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-1147.NASL
description: This update for git fixes the following issues : - CVE-2018-17456: Git allowed remote code execution during processing of a recursive
last seen: 2020-06-05
modified: 2018-10-15
plugin id: 118113
published: 2018-10-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118113
title: openSUSE Security Update : git (openSUSE-2018-1147)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-4088-1.NASL
description: This update for git fixes the following issue : CVE-2018-17456: Git allowed remote code execution during processing of a recursive
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 119649
published: 2018-12-13
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119649
title: SUSE SLES12 Security Update : git (SUSE-SU-2018:4088-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-0316.NASL
description: An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution via .gitmodules (CVE-2018-17456) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133445
published: 2020-02-04
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133445
title: RHEL 6 : git (RHSA-2020:0316)

NASL family: MacOS X Local Security Checks
NASL id: ATLASSIAN_SOURCETREE_3_1_1_MACOSX.NASL
description: The version of Atlassian SourceTree installed on the remote Windows host is version 1.2 prior to 3.1.1. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker can exploit this via the processing of a recursive git clone of a project with a specially crafted .gitmodules file, to execute arbitrary commands. (CVE-2018-17456) - An argument injection vulnerability exists in the Mercurial repository component. An authenticated, remote attacker can exploit this via filenames in the Mercurial repositories to execute arbitrary commands. (CVE-2018-20234, CVE-2018-20235) - A command injection vulnerability exists in the URI handling component. An unauthenticated, remote attacker could exploit this via sending a malicious URI to a victim to execute arbitrary commands. (CVE-2018-20236) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124411
published: 2019-04-30
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124411
title: Atlassian SourceTree 1.2 < 3.1.1 Multiple remote code execution vulnerabilities

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2018-1388.NASL
description: According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - git: arbitrary code execution via .gitmodules (CVE-2018-17456) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2018-12-10
plugin id: 119516
published: 2018-12-10
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119516
title: EulerOS 2.0 SP3 : git (EulerOS-SA-2018-1388)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2389.NASL
description: According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive
last seen: 2020-05-08
modified: 2019-12-10
plugin id: 131881
published: 2019-12-10
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131881
title: EulerOS 2.0 SP2 : git (EulerOS-SA-2019-2389)

NASL family: Windows
NASL id: ATLASSIAN_SOURCETREE_3_0_17.NASL
description: The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker can exploit this via the processing of a recursive git clone of a project with a specially crafted .gitmodules file, to execute arbitrary commands. (CVE-2018-17456) - An argument injection vulnerability exists in the Mercurial repository component. An authenticated, remote attacker can exploit this via filenames in the Mercurial repositories to execute arbitrary commands. (CVE-2018-20234, CVE-2018-20235) - A command injection vulnerability exists in the URI handling component. An unauthenticated, remote attacker could exploit this via sending a malicious URI to a victim to execute arbitrary commands. (CVE-2018-20236) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122854
published: 2019-03-14
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122854
title: Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-1177.NASL
description: This update for git fixes the following issues : - CVE-2018-17456: Git allowed remote code execution during processing of a recursive
last seen: 2020-06-05
modified: 2018-10-17
plugin id: 118169
published: 2018-10-17
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118169
title: openSUSE Security Update : git (openSUSE-2018-1177)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1183.NASL
description: According to the version of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim
last seen: 2020-03-19
modified: 2019-04-09
plugin id: 123869
published: 2019-04-09
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123869
title: EulerOS Virtualization 2.5.3 : git (EulerOS-SA-2019-1183)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-4088-3.NASL
description: This update for git fixes the following issue : CVE-2018-17456: Git allowed remote code execution during processing of a recursive
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 129578
published: 2019-10-04
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/129578
title: SUSE SLES12 Security Update : git (SUSE-SU-2018:4088-3)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20200203_GIT_ON_SL6_X.NASL
description: Security Fix(es) : - git: arbitrary code execution via .gitmodules (CVE-2018-17456)
last seen: 2020-05-15
modified: 2020-02-04
plugin id: 133447
published: 2020-02-04
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133447
title: Scientific Linux Security Update : git on SL6.x i386/x86_64 (20200203)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-4009-1.NASL
description: This update for libgit2 fixes the following issues : Security issue fixed : CVE-2018-17456: Submodule URLs and paths with a leading
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 120182
published: 2019-01-02
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120182
title: SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:4009-1)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_8C08AB4CD06C11E8B35C001B217B3468.NASL
description: The Git community reports : Multiple vulnerabilities.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118124
published: 2018-10-16
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118124
title: FreeBSD : Libgit2 -- multiple vulnerabilities (8c08ab4c-d06c-11e8-b35c-001b217b3468)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1291.NASL
description: According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - git: arbitrary code execution via .gitmodules (CVE-2018-17456) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2019-04-30
plugin id: 124387
published: 2019-04-30
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124387
title: EulerOS 2.0 SP5 : git (EulerOS-SA-2019-1291)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2018-1C1A318A0B.NASL
description: Upstream security update resolving an issue with `git clone --recurse-submodules`. From the [upstream release announcement](https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/) : > These releases fix a security flaw (CVE-2018-17456), which allowed an > attacker to execute arbitrary code by crafting a malicious .gitmodules > file in a project cloned with --recurse-submodules. > > When running
last seen: 2020-06-05
modified: 2019-01-03
plugin id: 120268
published: 2019-01-03
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120268
title: Fedora 28 : git (2018-1c1a318a0b)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2018-283-01.NASL
description: New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118059
published: 2018-10-11
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118059
title: Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2018-283-01)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2018-42EAB0F5B9.NASL
description: Update to 0.26.7 (CVE-2018-17456) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2019-01-03
plugin id: 120381
published: 2019-01-03
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120381
title: Fedora 28 : libgit2 (2018-42eab0f5b9)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2018-1093.NASL
description: Git before 2.14.5, allows remote code execution during processing of a recursive
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118213
published: 2018-10-19
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118213
title: Amazon Linux AMI : git (ALAS-2018-1093)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-802.NASL
description: This update for git fixes the following issues : - CVE-2018-17456: Git allowed remote code execution during processing of a recursive
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123340
published: 2019-03-27
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123340
title: openSUSE Security Update : git (openSUSE-2019-802)

NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2019-0047_GIT.NASL
description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by a vulnerability: - An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127228
published: 2019-08-12
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127228
title: NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2019-0047)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0992-1.NASL
description: This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed : git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): the xinetd snippet was removed the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0:
last seen: 2020-04-30
modified: 2020-04-15
plugin id: 135580
published: 2020-04-15
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135580
title: SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2018-ABFD4C6AC3.NASL
description: Update to 0.27.5 (CVE-2018-17456). In addition, this update syncs the non-modular libgit2 with the modular version now that we aren
last seen: 2020-06-05
modified: 2019-01-03
plugin id: 120698
published: 2019-01-03
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120698
title: Fedora 29 : libgit2 (2018-abfd4c6ac3)
Packetstorm
data source: https://packetstormsecurity.com/files/download/149709/gitmodule-exec.txt
id: PACKETSTORM:149709
last seen: 2018-10-09
published: 2018-10-08
reporter: Junio C Hamano
source: https://packetstormsecurity.com/files/149709/Git-Submodule-Arbitrary-Code-Execution.html
title: Git Submodule Arbitrary Code Execution

data source: https://packetstormsecurity.com/files/download/150380/git_submodule_url_exec.rb.txt
id: PACKETSTORM:150380
last seen: 2018-11-16
published: 2018-11-15
reporter: metasploit.com
source: https://packetstormsecurity.com/files/150380/Malicious-Git-HTTP-Server.html
title: Malicious Git HTTP Server

data source: https://packetstormsecurity.com/files/download/149836/gitsubmod-exec.txt
id: PACKETSTORM:149836
last seen: 2018-10-17
published: 2018-10-17
reporter: joernchen
source: https://packetstormsecurity.com/files/149836/Git-Submodule-Arbitrary-Code-Execution.html
title: Git Submodule Arbitrary Code Execution
References
- https://www.openwall.com/lists/oss-security/2018/10/06/3
- https://marc.info/?l=git&m=153875888916397&w=2
- https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46
- https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404
- https://www.debian.org/security/2018/dsa-4311
- https://www.exploit-db.com/exploits/45548/
- http://www.securitytracker.com/id/1041811
- http://www.securityfocus.com/bid/105523
- https://usn.ubuntu.com/3791-1/
- https://www.exploit-db.com/exploits/45631/
- https://access.redhat.com/errata/RHSA-2018:3408
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHSA-2018:3541
- https://seclists.org/bugtraq/2019/Mar/30
- http://www.securityfocus.com/bid/107511
- http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html
- https://access.redhat.com/errata/RHSA-2020:0316
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html