佚名MYHACK58:62201788524More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.599 Medium
EPSS
Percentile
97.5%
Around the world programmers Please Note, You must now immediately updates your version control system, Git, SVN, Mercurial open-source version control system recently to fix critical security vulnerabilities, the delay in the upgrade, you will be affected by the vulnerability.
More mainstream version control system there is a client arbitrary code execution vulnerability
Three mainstream source version control systems Git, Subversion (svn), and Mercurial, today released the Update Patch fixes a client-side code execution vulnerability.
The vulnerability by GitLab Brian Neel, the Recurity Labs of Joan Schneeweiss and GitHub’s Jeff King to find and report.
Applied to the Linux kernel, GitHub, and Gitlab behind the open-source version control system Git. Today released a more updated version, Git v2. 14. 1, The 2.7.6, v2. 8. 6, v2. 9. 5, v2. 10. 4, v2. 11. 3, v2. 12. 4 and v2. 13. 5, is used to fix the vulnerability.
“This update fixes a number of CVE-2017-1000117 vulnerabilities, with Subversion and Mercurial maintainers coordination, publishing, sharing this similar problem.” Git maintainer Junio Hamano on the mailing list writes.
Exploit
The vulnerability requires a combination of some social engineering skills to better use.
Git in its Bulletin warning:“a malicious attacker can send the victim to send a carefully constructed ssh:// URL link, when the victim visits this URL it will trigger the vulnerability lead to execution of malicious code.” The
The attacker carefully constructs a"ssh://…“URL to send the link to the victim, if the victim visits this URL, it will lead to malicious instructions on the client implementation.
The malicious URL can be placed in the project”. gitmodules"file in the victim to perform the“git clone --recurse-submodules”it will trigger the vulnerability.
Apache Subversion(SVN)1.9.7 patch for CVE-2017-9800 problem, it is with Git, the patched content is similar.
“In the svn:externals and svn:sync-from-url by constructing a malicious svn+ssh URL causes the client to arbitrary code execution”in the SVN updates fix the security issues.
Open source Mercurial version control system in 4. 3 and 4. 2. 3 fixes the vulnerability, the vulnerability number CVE-2017-1000115。
Exploit demo screenshots
! [](/Article/UploadPic/2017-8/201781119250772. png? www. myhack58. com)
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.599 Medium
EPSS
Percentile
97.5%