ID CVE-2017-1000117
Summary A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
References
Vulnerable Configurations
  • git-scm git 2.7.5
    cpe:2.3:a:git-scm:git:2.7.5
  • git-scm git 2.8.0
    cpe:2.3:a:git-scm:git:2.8.0
  • git-scm git 2.8.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.8.0:rc0
  • git-scm git 2.8.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.8.0:rc1
  • git-scm git 2.8.0 Release Candidate 2
    cpe:2.3:a:git-scm:git:2.8.0:rc2
  • git-scm git 2.8.0 Release Candidate 3
    cpe:2.3:a:git-scm:git:2.8.0:rc3
  • git-scm git 2.8.1
    cpe:2.3:a:git-scm:git:2.8.1
  • git-scm git 2.8.2
    cpe:2.3:a:git-scm:git:2.8.2
  • git-scm git 2.8.3
    cpe:2.3:a:git-scm:git:2.8.3
  • git-scm git 2.8.4
    cpe:2.3:a:git-scm:git:2.8.4
  • git-scm git 2.8.5
    cpe:2.3:a:git-scm:git:2.8.5
  • git-scm git 2.9.0
    cpe:2.3:a:git-scm:git:2.9.0
  • git-scm git 2.9.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.9.0:rc0
  • git-scm git 2.9.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.9.0:rc1
  • git-scm git 2.9.0 Release Candidate 2
    cpe:2.3:a:git-scm:git:2.9.0:rc2
  • git-scm git 2.9.1
    cpe:2.3:a:git-scm:git:2.9.1
  • git-scm git 2.9.2
    cpe:2.3:a:git-scm:git:2.9.2
  • git-scm git 2.9.3
    cpe:2.3:a:git-scm:git:2.9.3
  • git-scm git 2.9.4
    cpe:2.3:a:git-scm:git:2.9.4
  • git-scm git 2.10.0
    cpe:2.3:a:git-scm:git:2.10.0
  • git-scm git 2.10.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.10.0:rc0
  • git-scm git 2.10.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.10.0:rc1
  • git-scm git 2.10.0 Release Candidate 2
    cpe:2.3:a:git-scm:git:2.10.0:rc2
  • git-scm git 2.10.1
    cpe:2.3:a:git-scm:git:2.10.1
  • git-scm git 2.10.2
    cpe:2.3:a:git-scm:git:2.10.2
  • git-scm git 2.10.3
    cpe:2.3:a:git-scm:git:2.10.3
  • git-scm git 2.11.0
    cpe:2.3:a:git-scm:git:2.11.0
  • git-scm git 2.11.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.11.0:rc0
  • git-scm git 2.11.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.11.0:rc1
  • git-scm git 2.11.0 Release Candidate 2
    cpe:2.3:a:git-scm:git:2.11.0:rc2
  • git-scm git 2.11.0 Release Candidate 3
    cpe:2.3:a:git-scm:git:2.11.0:rc3
  • git-scm git 2.11.1
    cpe:2.3:a:git-scm:git:2.11.1
  • git-scm git 2.11.2
    cpe:2.3:a:git-scm:git:2.11.2
  • git-scm git 2.12.0
    cpe:2.3:a:git-scm:git:2.12.0
  • git-scm git 2.12.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.12.0:rc0
  • git-scm git 2.12.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.12.0:rc1
  • git-scm git 2.12.0 Release Candidate 2
    cpe:2.3:a:git-scm:git:2.12.0:rc2
  • git-scm git 2.12.1
    cpe:2.3:a:git-scm:git:2.12.1
  • git-scm git 2.12.2
    cpe:2.3:a:git-scm:git:2.12.2
  • git-scm git 2.12.3
    cpe:2.3:a:git-scm:git:2.12.3
  • git-scm git 2.13.0
    cpe:2.3:a:git-scm:git:2.13.0
  • git-scm git 2.13.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.13.0:rc0
  • git-scm git 2.13.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.13.0:rc1
  • git-scm git 2.13.0 Release Candidate 2
    cpe:2.3:a:git-scm:git:2.13.0:rc2
  • git-scm git 2.13.1
    cpe:2.3:a:git-scm:git:2.13.1
  • git-scm git 2.13.2
    cpe:2.3:a:git-scm:git:2.13.2
  • git-scm git 2.13.3
    cpe:2.3:a:git-scm:git:2.13.3
  • git-scm git 2.13.4
    cpe:2.3:a:git-scm:git:2.13.4
  • git-scm git 2.14.0
    cpe:2.3:a:git-scm:git:2.14.0
  • git-scm git 2.14.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.14.0:rc0
  • git-scm git 2.14.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.14.0:rc1
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
exploit-db via4
description Git < 2.7.5 - Command Injection (Metasploit). CVE-2017-1000117. Remote exploit for Python platform. Tags: Metasploit Framework
file exploits/python/remote/42599.rb
id EDB-ID:42599
last seen 2017-09-01
modified 2017-08-31
platform python
port
published 2017-08-31
reporter Exploit-DB
source https://www.exploit-db.com/download/42599/
title Git < 2.7.5 - Command Injection (Metasploit)
type remote
metasploit via4
description This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised.
id MSF:EXPLOIT/MULTI/HTTP/GIT_SUBMODULE_COMMAND_EXEC
last seen 2019-03-29
modified 2019-03-29
published 2017-08-11
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/git_submodule_command_exec.rb
title Malicious Git HTTP Server For CVE-2017-1000117
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1187.NASL
    description According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of ''ssh'' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a ''clone'' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103025
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103025
    title EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_XCODE_9.NASL
    description The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 9.0. It is, therefore, affected by multiple remote code execution vulnerabilities in the git, Id64, and subversion components. An unauthenticated, remote attacker can exploit these vulnerabilities to cause execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 103359
    published 2017-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103359
    title Apple Xcode < 9.0 Multiple RCE (macOS)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2674.NASL
    description An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Mobile Application Platform (RHMAP) 4.5 is delivered as a set of Docker-formatted container images. In addition to the images, several components are delivered as RPMs : * OpenShift templates used to deploy an RHMAP Core and MBaaS * The fh-system-dump-tool allows you to analyze all the projects running in an OpenShift cluster and reports any problems discovered. For more information, see the Operations Guide The following RPMs are included in the RHMAP container images, and are provided here only for completeness : * The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image. This release serves as an update for Red Hat Mobile Application Platform 4.4.3. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.5.0 Release Notes for information about the most significant bug fixes and enhancements included in this release. Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) * A flaw was discovered in the file editor of millicore which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation. (CVE-2017-7552) * The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources and access restricted endpoints. (CVE-2017-7553) * A flaw was found where the App Studio component of RHMAP 4.4 executes JavaScript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. (CVE-2017-7554) Red Hat would like to thank Tomas Rzepka for reporting CVE-2017-7552, CVE-2017-7553 and CVE-2017-7554.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103349
    published 2017-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103349
    title RHEL 7 : Mobile Application Platform (RHSA-2017:2674)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170817_GIT_ON_SL7_X.NASL
    description Security Fix(es) : - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102674
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102674
    title Scientific Linux Security Update : git on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-B1B3AE6666.NASL
    description Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL (CVE-2017-1000117). From the [release announcement](https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mt v.corp.google.com/) : A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. Credits to find and fix the issue go to Brian Neel at GitLab, Joern Schneeweisz of Recurity Labs and Jeff King at GitHub. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 102461
    published 2017-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102461
    title Fedora 26 : git (2017-b1b3ae6666)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201709-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201709-10 (Git: Command injection) Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the client’s system. This is especially dangerous when the third-party repository has one or more submodules with specially crafted ‘ssh://...’ URLs. Each time the repository is recursively cloned or submodules are updated the payload will be triggered. Impact : A remote attacker, by enticing a user to clone a specially crafted repository, could possibly execute arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 103278
    published 2017-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103278
    title GLSA-201709-10 : Git: Command injection
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3934.NASL
    description Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102374
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102374
    title Debian DSA-3934-1 : git - security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-882.NASL
    description Command injection via malicious ssh URLs : A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 102870
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102870
    title Amazon Linux AMI : git (ALAS-2017-882)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1188.NASL
    description According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of ''ssh'' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a ''clone'' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103026
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103026
    title EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-988.NASL
    description This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 102943
    published 2017-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102943
    title openSUSE Security Update : git (openSUSE-2017-988)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2484.NASL
    description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102537
    published 2017-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102537
    title RHEL 7 : git (RHSA-2017:2484)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2485.NASL
    description An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102538
    published 2017-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102538
    title RHEL 6 : git (RHSA-2017:2485)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2484.NASL
    description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102769
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102769
    title CentOS 7 : git (CESA-2017:2484)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1068.NASL
    description Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. For Debian 7 'Wheezy', these problems have been fixed in version 1:1.7.10.4-1+wheezy5. We recommend that you upgrade your git packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 102788
    published 2017-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102788
    title Debian DLA-1068-1 : git security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-8BA7572CFD.NASL
    description Resolve an arbitrary code execution vulnerability via crafted 'ssh://' URL (CVE-2017-1000117). From the [release announcement](https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mt v.corp.google.com/) : A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. Credits to find and fix the issue go to Brian Neel at GitLab, Joern Schneeweisz of Recurity Labs and Jeff King at GitHub. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 102458
    published 2017-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102458
    title Fedora 25 : git (2017-8ba7572cfd)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-2485.NASL
    description An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119223
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119223
    title Virtuozzo 6 : emacs-git / emacs-git-el / git / git-all / git-cvs / etc (VZLSA-2017-2485)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-939.NASL
    description This update for git fixes the following security issues : - CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted 'ssh://...' URLs, including submodules (boo#1052481)
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 102558
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102558
    title openSUSE Security Update : git (openSUSE-2017-939)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-223-01.NASL
    description New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 102432
    published 2017-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102432
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2017-223-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2320-1.NASL
    description This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 102914
    published 2017-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102914
    title SUSE SLES12 Security Update : git (SUSE-SU-2017:2320-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2485.NASL
    description An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102549
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102549
    title CentOS 6 : git (CESA-2017:2485)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170817_GIT_ON_SL6_X.NASL
    description Security Fix(es) : - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102576
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102576
    title Scientific Linux Security Update : git on SL6.x i386/x86_64
  • NASL family Windows
    NASL id GIT_FOR_WINDOWS_2_14_1.NASL
    description The version of Git for Windows installed on the remote host is version 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.6, 2.9.x prior to 2.9.5, 2.10.x prior to 2.10.4, 2.11.x prior to 2.11.13, 2.12.x prior to 2.12.4, 2.13.x prior to 2.13.5, or 2.14.x prior to 2.14.1. It is, therefore, affected by a command execution vulnerability due to a flaw in the handling of 'ssh://' URLs that begin with a dash. A maliciously crafted 'ssh://' URL causes Git clients to run an arbitrary shell command. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability.
    last seen 2019-02-21
    modified 2017-08-30
    plugin id 102494
    published 2017-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102494
    title Git for Windows 2.7.x < 2.7.6 / 2.8.x < 2.8.6 / 2.9.x < 2.9.5 / 2.10.x < 2.10.4 / 2.11.x < 2.11.13 / 2.12.x < 2.12.4 / 2.13.x < 2.13.5 / 2.14.x < 2.14.1 Malicious SSH URL Command Execution
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2484.NASL
    description From Red Hat Security Advisory 2017:2484 : An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 102534
    published 2017-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102534
    title Oracle Linux 7 : git (ELSA-2017-2484)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2485.NASL
    description From Red Hat Security Advisory 2017:2485 : An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 102569
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102569
    title Oracle Linux 6 : git (ELSA-2017-2485)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3387-1.NASL
    description Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 102423
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102423
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : git vulnerability (USN-3387-1)
packetstorm via4
data source https://packetstormsecurity.com/files/download/143965/git_submodule_command_exec.rb.txt
id PACKETSTORM:143965
last seen 2017-09-01
published 2017-08-30
reporter metasploit.com
source https://packetstormsecurity.com/files/143965/Malicious-GIT-HTTP-Server.html
title Malicious GIT HTTP Server
redhat via4
advisories
  • bugzilla
    id 1480386
    title CVE-2017-1000117 git: Command injection via malicious ssh URLs
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment emacs-git is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484031
        • comment emacs-git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003012
      • AND
        • comment emacs-git-el is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484017
        • comment emacs-git-el is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003024
      • AND
        • comment git is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484009
        • comment git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003006
      • AND
        • comment git-all is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484027
        • comment git-all is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003028
      • AND
        • comment git-bzr is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484015
        • comment git-bzr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561020
      • AND
        • comment git-cvs is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484035
        • comment git-cvs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003014
      • AND
        • comment git-daemon is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484007
        • comment git-daemon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003026
      • AND
        • comment git-email is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484025
        • comment git-email is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003010
      • AND
        • comment git-gui is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484029
        • comment git-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003022
      • AND
        • comment git-hg is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484021
        • comment git-hg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561026
      • AND
        • comment git-p4 is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484023
        • comment git-p4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561036
      • AND
        • comment git-svn is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484005
        • comment git-svn is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003020
      • AND
        • comment gitk is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484011
        • comment gitk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003008
      • AND
        • comment gitweb is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484013
        • comment gitweb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003018
      • AND
        • comment perl-Git is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484019
        • comment perl-Git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003016
      • AND
        • comment perl-Git-SVN is earlier than 0:1.8.3.1-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172484033
        • comment perl-Git-SVN is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561018
    rhsa
    id RHSA-2017:2484
    released 2017-08-16
    severity Important
    title RHSA-2017:2484: git security update (Important)
  • bugzilla
    id 1480386
    title CVE-2017-1000117 git: Command injection via malicious ssh URLs
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment emacs-git is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485019
        • comment emacs-git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003012
      • AND
        • comment emacs-git-el is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485013
        • comment emacs-git-el is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003024
      • AND
        • comment git is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485007
        • comment git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003006
      • AND
        • comment git-all is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485015
        • comment git-all is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003028
      • AND
        • comment git-cvs is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485025
        • comment git-cvs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003014
      • AND
        • comment git-daemon is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485005
        • comment git-daemon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003026
      • AND
        • comment git-email is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485009
        • comment git-email is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003010
      • AND
        • comment git-gui is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485011
        • comment git-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003022
      • AND
        • comment git-svn is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485023
        • comment git-svn is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003020
      • AND
        • comment gitk is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485017
        • comment gitk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003008
      • AND
        • comment gitweb is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485027
        • comment gitweb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003018
      • AND
        • comment perl-Git is earlier than 0:1.7.1-9.el6_9
          oval oval:com.redhat.rhsa:tst:20172485021
        • comment perl-Git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003016
    rhsa
    id RHSA-2017:2485
    released 2017-08-16
    severity Important
    title RHSA-2017:2485: git security update (Important)
  • rhsa
    id RHSA-2017:2491
  • rhsa
    id RHSA-2017:2674
  • rhsa
    id RHSA-2017:2675
rpms
  • emacs-git-0:1.8.3.1-12.el7_4
  • emacs-git-el-0:1.8.3.1-12.el7_4
  • git-0:1.8.3.1-12.el7_4
  • git-all-0:1.8.3.1-12.el7_4
  • git-bzr-0:1.8.3.1-12.el7_4
  • git-cvs-0:1.8.3.1-12.el7_4
  • git-daemon-0:1.8.3.1-12.el7_4
  • git-email-0:1.8.3.1-12.el7_4
  • git-gui-0:1.8.3.1-12.el7_4
  • git-hg-0:1.8.3.1-12.el7_4
  • git-p4-0:1.8.3.1-12.el7_4
  • git-svn-0:1.8.3.1-12.el7_4
  • gitk-0:1.8.3.1-12.el7_4
  • gitweb-0:1.8.3.1-12.el7_4
  • perl-Git-0:1.8.3.1-12.el7_4
  • perl-Git-SVN-0:1.8.3.1-12.el7_4
  • emacs-git-0:1.7.1-9.el6_9
  • emacs-git-el-0:1.7.1-9.el6_9
  • git-0:1.7.1-9.el6_9
  • git-all-0:1.7.1-9.el6_9
  • git-cvs-0:1.7.1-9.el6_9
  • git-daemon-0:1.7.1-9.el6_9
  • git-email-0:1.7.1-9.el6_9
  • git-gui-0:1.7.1-9.el6_9
  • git-svn-0:1.7.1-9.el6_9
  • gitk-0:1.7.1-9.el6_9
  • gitweb-0:1.7.1-9.el6_9
  • perl-Git-0:1.7.1-9.el6_9
refmap via4
bid 100283
confirm https://support.apple.com/HT208103
debian DSA-3934
exploit-db 42599
gentoo GLSA-201709-10
misc https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html
sectrack 1039131
Last major update 04-10-2017 - 21:29
Published 04-10-2017 - 21:29
Last modified 04-01-2018 - 21:31
Back to Top