Vulnerabilities > CVE-2018-19486 - Untrusted Search Path vulnerability in Git-Scm GIT

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
git-scm
linux
canonical
CWE-426
nessus

Summary

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

Vulnerable Configurations

Part Description Count
Application
Git-Scm
702
OS
Linux
1
OS
Canonical
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging/Manipulating Configuration File Search Paths
    This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-29AFEFD172.NASL
    descriptionUpstream security update. Refer to upstream commit [321fd82389](https://github.com/git/git/commit/321fd82389) for details on CVE-2018-19486. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120311
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120311
    titleFedora 28 : git (2018-29afefd172)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-29afefd172.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120311);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-19486");
      script_xref(name:"FEDORA", value:"2018-29afefd172");
    
      script_name(english:"Fedora 28 : git (2018-29afefd172)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Upstream security update. Refer to upstream commit
    [321fd82389](https://github.com/git/git/commit/321fd82389) for details
    on CVE-2018-19486.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-29afefd172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/git/git/commit/321fd82389"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"git-2.17.2-2.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1032.NASL
    descriptionThis update for git fixes the following issues : Security issue fixed : - CVE-2018-19486: Fixed git that executed commands from the current working directory (as if
    last seen2020-06-01
    modified2020-06-02
    plugin id123162
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123162
    titleopenSUSE Security Update : git (openSUSE-2019-1032)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1032.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123162);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/31");
    
      script_cve_id("CVE-2018-19486");
    
      script_name(english:"openSUSE Security Update : git (openSUSE-2019-1032)");
      script_summary(english:"Check for the openSUSE-2019-1032 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issue fixed :
    
      - CVE-2018-19486: Fixed git that executed commands from
        the current working directory (as if '.' were at the end
        of $PATH) in certain cases involving the run_command()
        API and run-command.c, because there was (bsc#1117257).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117257"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"git-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-arch-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-core-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-core-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-gnome-keyring-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-libsecret-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-libsecret-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-cvs-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-daemon-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-daemon-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-debugsource-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-email-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-gui-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-p4-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-svn-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-svn-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-web-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"gitk-2.16.4-lp150.2.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-arch / git-core / git-core-debuginfo / etc");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201904-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201904-13 (Git: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Git. Please review the referenced CVE identifiers for details Impact : Please review the referenced CVE identifier and bugs for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id123985
    published2019-04-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123985
    titleGLSA-201904-13 : Git: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201904-13.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123985);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/23");
    
      script_cve_id("CVE-2018-19486");
      script_xref(name:"GLSA", value:"201904-13");
    
      script_name(english:"GLSA-201904-13 : Git: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201904-13
    (Git: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Git. Please review the
          referenced CVE identifiers for details
      
    Impact :
    
        Please review the referenced CVE identifier and bugs for details.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201904-13"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Git users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.19.2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-vcs/git", unaffected:make_list("ge 2.20.1"), vulnerable:make_list("lt 2.20.1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Git");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1599.NASL
    descriptionThis update for git fixes the following issues : Security issue fixed : - CVE-2018-19486: Fixed git that executed commands from the current working directory (as if
    last seen2020-06-05
    modified2018-12-24
    plugin id119867
    published2018-12-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119867
    titleopenSUSE Security Update : git (openSUSE-2018-1599)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1599.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119867);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-19486");
    
      script_name(english:"openSUSE Security Update : git (openSUSE-2018-1599)");
      script_summary(english:"Check for the openSUSE-2018-1599 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issue fixed :
    
      - CVE-2018-19486: Fixed git that executed commands from
        the current working directory (as if '.' were at the end
        of $PATH) in certain cases involving the run_command()
        API and run-command.c, because there was (bsc#1117257).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117257"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"git-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-arch-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-core-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-core-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-gnome-keyring-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-libsecret-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-credential-libsecret-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-cvs-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-daemon-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-daemon-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-debugsource-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-email-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-gui-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-p4-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-svn-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-svn-debuginfo-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"git-web-2.16.4-lp150.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"gitk-2.16.4-lp150.2.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-arch / git-core / git-core-debuginfo / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1136.NASL
    descriptionGit before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if
    last seen2020-03-28
    modified2018-12-21
    plugin id119814
    published2018-12-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119814
    titleAmazon Linux AMI : git (ALAS-2018-1136)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1136.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119814);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
    
      script_cve_id("CVE-2018-19486");
      script_xref(name:"ALAS", value:"2018-1136");
    
      script_name(english:"Amazon Linux AMI : git (ALAS-2018-1136)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Git before 2.19.2 on Linux and UNIX executes commands from the current
    working directory (as if '.' were at the end of $PATH) in certain
    cases involving the run_command() API and run-command.c, because there
    was a dangerous change from execvp to execv during
    2017.(CVE-2018-19486)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1136.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update git' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs-git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs-git-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-bzr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-hg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git-SVN");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"emacs-git-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"emacs-git-el-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-all-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-bzr-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-cvs-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-daemon-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-debuginfo-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-email-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-hg-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-p4-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-svn-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"gitweb-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perl-Git-2.14.5-1.60.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perl-Git-SVN-2.14.5-1.60.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2310.NASL
    descriptionAccording to the version of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if
    last seen2020-06-01
    modified2020-06-02
    plugin id131475
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131475
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : git (EulerOS-SA-2019-2310)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131475);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/10");
    
      script_cve_id(
        "CVE-2018-19486"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : git (EulerOS-SA-2019-2310)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the git packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerability :
    
      - Git before 2.19.2 on Linux and UNIX executes commands
        from the current working directory (as if '.' were at
        the end of $PATH) in certain cases involving the
        run_command() API and run-command.c, because there was
        a dangerous change from execvp to execv during
        2017.(CVE-2018-19486)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2310
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a8617a20");
      script_set_attribute(attribute:"solution", value:
    "Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["git-2.19.1-1.h4.eulerosv2r8",
            "git-core-2.19.1-1.h4.eulerosv2r8",
            "git-core-doc-2.19.1-1.h4.eulerosv2r8",
            "perl-Git-2.19.1-1.h4.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0185_GIT.NASL
    descriptionAn update of the git package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id131125
    published2019-11-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131125
    titlePhoton OS 2.0: Git PHSA-2019-2.0-0185
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0185. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131125);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/10");
    
      script_cve_id("CVE-2018-17456", "CVE-2018-19486");
      script_bugtraq_id(105523, 106020, 107511);
    
      script_name(english:"Photon OS 2.0: Git PHSA-2019-2.0-0185");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the git package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-185.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19486");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"git-2.23.0-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"git-debuginfo-2.23.0-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"git-lang-2.23.0-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-F467C36C2B.NASL
    descriptionUpstream bugfix and security update. Refer to the [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.19. 2.txt) for general information and upstream commit [321fd82389](https://github.com/git/git/commit/321fd82389) for details on CVE-2018-19486. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120907
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120907
    titleFedora 29 : git (2018-f467c36c2b)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-f467c36c2b.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120907);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-19486");
      script_xref(name:"FEDORA", value:"2018-f467c36c2b");
    
      script_name(english:"Fedora 29 : git (2018-f467c36c2b)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Upstream bugfix and security update. Refer to the [release
    notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.19.
    2.txt) for general information and upstream commit
    [321fd82389](https://github.com/git/git/commit/321fd82389) for details
    on CVE-2018-19486.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-f467c36c2b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/git/git/commit/321fd82389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.19.2.txt"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"git-2.19.2-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4190-1.NASL
    descriptionThis update for git fixes the following issues : Security issue fixed : CVE-2018-19486: Fixed git that executed commands from the current working directory (as if
    last seen2020-03-18
    modified2019-01-02
    plugin id120191
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120191
    titleSUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:4190-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:4190-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120191);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2018-19486");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:4190-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issue fixed :
    
    CVE-2018-19486: Fixed git that executed commands from the current
    working directory (as if '.' were at the end of $PATH) in certain
    cases involving the run_command() API and run-command.c, because there
    was (bsc#1117257).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-19486/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20184190-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?34cbe04d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2018-2990=1
    
    SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-2018-2990=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2018-2990=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-gnome-keyring-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-libsecret-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-libsecret-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debugsource-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-p4-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-arch-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-cvs-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-daemon-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-daemon-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debugsource-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-email-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-gui-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-svn-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-svn-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-web-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"gitk-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-core-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-core-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debugsource-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-gnome-keyring-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-libsecret-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-libsecret-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debugsource-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-p4-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-arch-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-cvs-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-daemon-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-daemon-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debugsource-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-email-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-gui-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-svn-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-svn-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-web-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"gitk-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-core-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-core-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debuginfo-2.16.4-3.9.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debugsource-2.16.4-3.9.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1136.NASL
    descriptionGit before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if
    last seen2020-03-28
    modified2018-12-20
    plugin id119790
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119790
    titleAmazon Linux 2 : git (ALAS-2018-1136)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2018-1136.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119790);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
    
      script_cve_id("CVE-2018-19486");
      script_xref(name:"ALAS", value:"2018-1136");
    
      script_name(english:"Amazon Linux 2 : git (ALAS-2018-1136)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Git before 2.19.2 on Linux and UNIX executes commands from the current
    working directory (as if '.' were at the end of $PATH) in certain
    cases involving the run_command() API and run-command.c, because there
    was a dangerous change from execvp to execv during
    2017.(CVE-2018-19486)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1136.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update git' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-subtree");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git-SVN");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"git-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-all-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-core-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-core-doc-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-cvs-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-daemon-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-debuginfo-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-email-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-gui-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-p4-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-subtree-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"git-svn-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"gitk-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"gitweb-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"perl-Git-2.17.2-2.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"perl-Git-SVN-2.17.2-2.amzn2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-all / git-core / git-core-doc / git-cvs / git-daemon / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3829-1.NASL
    descriptionIt was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15298) It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-19486). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119256
    published2018-11-28
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119256
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : git vulnerabilities (USN-3829-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0992-1.NASL
    descriptionThis update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed : git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): the xinetd snippet was removed the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0:
    last seen2020-04-30
    modified2020-04-15
    plugin id135580
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135580
    titleSUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)

Redhat

advisories
rhsa
idRHSA-2018:3800
rpms
  • rh-git218-git-0:2.18.1-3.el7
  • rh-git218-git-all-0:2.18.1-3.el7
  • rh-git218-git-core-0:2.18.1-3.el7
  • rh-git218-git-core-doc-0:2.18.1-3.el7
  • rh-git218-git-cvs-0:2.18.1-3.el7
  • rh-git218-git-daemon-0:2.18.1-3.el7
  • rh-git218-git-debuginfo-0:2.18.1-3.el7
  • rh-git218-git-email-0:2.18.1-3.el7
  • rh-git218-git-gui-0:2.18.1-3.el7
  • rh-git218-git-instaweb-0:2.18.1-3.el7
  • rh-git218-git-p4-0:2.18.1-3.el7
  • rh-git218-git-subtree-0:2.18.1-3.el7
  • rh-git218-git-svn-0:2.18.1-3.el7
  • rh-git218-gitk-0:2.18.1-3.el7
  • rh-git218-gitweb-0:2.18.1-3.el7
  • rh-git218-perl-Git-0:2.18.1-3.el7
  • rh-git218-perl-Git-SVN-0:2.18.1-3.el7