ID CENTOS_RHSA-2017-2004.NASL Type nessus Reporter Tenable Modified 2018-11-10T00:00:00
Description
An update for git is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es) :
It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.
(CVE-2014-9938)
A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:2004 and
# CentOS Errata and Security Advisory 2017:2004 respectively.
#
include("compat.inc");
if (description)
{
script_id(102749);
script_version("3.3");
script_cvs_date("Date: 2018/11/10 11:49:32");
script_cve_id("CVE-2014-9938", "CVE-2017-8386");
script_xref(name:"RHSA", value:"2017:2004");
script_name(english:"CentOS 7 : git (CESA-2017:2004)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"An update for git is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Git is a distributed revision control system with a decentralized
architecture. As opposed to centralized version control systems with a
client-server model, Git ensures that each working copy of a Git
repository is an exact copy with complete revision history. This not
only allows the user to work on and contribute to projects without the
need to have permission to push the changes to their official
repositories, but also makes it possible for the user to work with no
network connection.
Security Fix(es) :
* It was found that the git-prompt.sh script shipped with git failed
to correctly handle branch names containing special characters. A
specially crafted git repository could use this flaw to execute
arbitrary commands if a user working with the repository configured
their shell to include repository information in the prompt.
(CVE-2014-9938)
* A flaw was found in the way git-shell handled command-line options
for the restricted set of git-shell commands. A remote, authenticated
attacker could use this flaw to bypass git-shell restrictions, to view
and manipulate files, by abusing the instance of the less command
launched using crafted command-line options. (CVE-2017-8386)
Additional Changes :
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section."
);
# https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?f53b66c2"
);
script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-all");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-bzr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-cvs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-email");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-gui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-hg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-p4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitweb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git-SVN");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-el-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-all-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-bzr-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-cvs-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-daemon-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-email-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-gui-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-hg-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-p4-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-svn-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitk-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitweb-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-1.8.3.1-11.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-SVN-1.8.3.1-11.el7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "CENTOS_RHSA-2017-2004.NASL", "bulletinFamily": "scanner", "title": "CentOS 7 : git (CESA-2017:2004)", "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "published": "2017-08-25T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "reporter": "Tenable", "references": ["http://www.nessus.org/u?f53b66c2"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "type": "nessus", "lastseen": "2019-02-21T01:32:36", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:28:40", "references": [{"idList": ["ELSA-2017-2004"], "type": "oraclelinux"}, {"idList": ["FEDORA_2017-7EA0E02914.NASL", "UBUNTU_USN-3243-1.NASL", "ALA_ALAS-2017-842.NASL", "EULEROS_SA-2017-1187.NASL", "SL_20170801_GIT_ON_SL7_X.NASL", "REDHAT-RHSA-2017-2004.NASL", "EULEROS_SA-2017-1188.NASL", "FEDORA_2017-01A7989FC0.NASL", "SUSE_SU-2017-1357-1.NASL", "ORACLELINUX_ELSA-2017-2004.NASL"], "type": "nessus"}, {"idList": ["ALAS-2017-842"], "type": "amazon"}, {"idList": ["DEBIAN:DLA-938-1:1A47A", "DEBIAN:DSA-3848-1:B78B9"], "type": "debian"}, {"idList": ["RHSA-2017:2491", "RHSA-2017:2004"], "type": "redhat"}, {"idList": ["SSV:93096"], "type": "seebug"}, {"idList": ["CVE-2017-8386", "CVE-2014-9938"], "type": "cve"}, {"idList": ["OPENVAS:1361412562310872675", "OPENVAS:1361412562310871860", "OPENVAS:1361412562310843161", "OPENVAS:1361412562310872721", "OPENVAS:1361412562310843107", "OPENVAS:703848", "OPENVAS:1361412562310890938", "OPENVAS:1361412562310703848"], "type": "openvas"}, {"idList": ["MYHACK58:62201786028"], "type": "myhack58"}, {"idList": ["CFOUNDRY:926CF3F800861FCA5C7C29329B1991E8", "CFOUNDRY:69CE057373E45B8B47E6145E42562370"], "type": "cloudfoundry"}, {"idList": ["GLSA-201706-04"], "type": "gentoo"}, {"idList": ["USN-3243-1", "USN-3287-1"], "type": "ubuntu"}, {"idList": ["CESA-2017:2004"], "type": "centos"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "341dd31aa7425d086fb7cd65074bc538cc2ee9fd3be1306fc26d7169278ecace", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0424a4d39453012871df6167af95d7c0", "key": "description"}, {"hash": "351a5f7d940746c9560d5fa780c69304", "key": "cpe"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "f4bbf7f015e1e55439c698632d62f89c", "key": "sourceData"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "fb6904af5c5c1bac849ed329f8790ae7", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2019-01-16T20:28:40", "modified": "2018-11-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?f53b66c2"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f53b66c2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:28:40"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "df6ba6032d7df11765b2d9282134ab0cf24f7155e6605ec0ca5f9bfa86cfd42a", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "351a5f7d940746c9560d5fa780c69304", "key": "cpe"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "f4bbf7f015e1e55439c698632d62f89c", "key": "sourceData"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0318c6403331a528924b850bb2ab1fb2", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "0b277617e00c89a258386fe5c9a94b24", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2018-11-11T08:31:02", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?95620d7e"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f53b66c2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified"], "edition": 6, "lastseen": "2018-11-11T08:31:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "85edf7bf64ffa83d044f1aa0c388f0b8cd610438a69289242bbc71bbf92aef8a", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "351a5f7d940746c9560d5fa780c69304", "key": "cpe"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "e1a0cdc550f230ff7de6559e665d408a", "key": "sourceData"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0318c6403331a528924b850bb2ab1fb2", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "0b277617e00c89a258386fe5c9a94b24", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2018-09-01T23:48:51", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?95620d7e"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95620d7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["sourceData"], "edition": 5, "lastseen": "2018-09-01T23:48:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "7f3a136daed85387c6c66ddcc3582dc336653721f569187830c88bf8831d1767", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "351a5f7d940746c9560d5fa780c69304", "key": "cpe"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "f4bbf7f015e1e55439c698632d62f89c", "key": "sourceData"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "0318c6403331a528924b850bb2ab1fb2", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "fb6904af5c5c1bac849ed329f8790ae7", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2018-11-11T12:51:47", "modified": "2018-11-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?f53b66c2"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f53b66c2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 7, "lastseen": "2018-11-11T12:51:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d6c4edc983f1926e379e1663ee2d429585e4772e63a2f362adaf0f5952f9a187", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "351a5f7d940746c9560d5fa780c69304", "key": "cpe"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "92a2ae88060b11caa7ccfeb9266ef1a0", "key": "sourceData"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0318c6403331a528924b850bb2ab1fb2", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "0b277617e00c89a258386fe5c9a94b24", "key": "references"}, {"hash": "d33590e442429181ce31e92f8a53c81b", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2017-10-29T13:38:52", "modified": "2017-08-25T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?95620d7e"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/08/25 16:55:35 $\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_osvdb_id(154027, 157331);\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95620d7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:38:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a19f24d7c714e4a7220effcc3779889ce73f913819e460376a7cef34347db02b", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "351a5f7d940746c9560d5fa780c69304", "key": "cpe"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e1a0cdc550f230ff7de6559e665d408a", "key": "sourceData"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0318c6403331a528924b850bb2ab1fb2", "key": "description"}, {"hash": "0b277617e00c89a258386fe5c9a94b24", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2018-08-30T19:42:46", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?95620d7e"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95620d7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:42:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "edition": 1, "enchantments": {}, "hash": "edbabac27c39d3cbf066523856742fb6fed29c59f57e50d884178f0d9460b871", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "92a2ae88060b11caa7ccfeb9266ef1a0", "key": "sourceData"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0318c6403331a528924b850bb2ab1fb2", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "0b277617e00c89a258386fe5c9a94b24", "key": "references"}, {"hash": "d33590e442429181ce31e92f8a53c81b", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2017-08-26T01:14:07", "modified": "2017-08-25T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?95620d7e"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/08/25 16:55:35 $\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_osvdb_id(154027, 157331);\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95620d7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2017-08-26T01:14:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "cvelist": ["CVE-2017-8386", "CVE-2014-9938"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "85edf7bf64ffa83d044f1aa0c388f0b8cd610438a69289242bbc71bbf92aef8a", "hashmap": [{"hash": "d33590e442429181ce31e92f8a53c81b", "key": "published"}, {"hash": "90c0ac1c478cc8e623d82c8fe7c6c101", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "351a5f7d940746c9560d5fa780c69304", "key": "cpe"}, {"hash": "3b34c57455b59f610ad848c6880b36d6", "key": "href"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "efd29de140daed7979bb1130c75031aa", "key": "cvelist"}, {"hash": "5052c616c1428bd3f9846c1f257f8da6", "key": "pluginID"}, {"hash": "e1a0cdc550f230ff7de6559e665d408a", "key": "sourceData"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0318c6403331a528924b850bb2ab1fb2", "key": "description"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "0b277617e00c89a258386fe5c9a94b24", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=102749", "id": "CENTOS_RHSA-2017-2004.NASL", "lastseen": "2018-07-03T09:53:59", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "102749", "published": "2017-08-25T00:00:00", "references": ["http://www.nessus.org/u?95620d7e"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95620d7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : git (CESA-2017:2004)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-03T09:53:59"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "351a5f7d940746c9560d5fa780c69304"}, {"key": "cvelist", "hash": "efd29de140daed7979bb1130c75031aa"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "0318c6403331a528924b850bb2ab1fb2"}, {"key": "href", "hash": "3b34c57455b59f610ad848c6880b36d6"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "5052c616c1428bd3f9846c1f257f8da6"}, {"key": "published", "hash": "d33590e442429181ce31e92f8a53c81b"}, {"key": "references", "hash": "fb6904af5c5c1bac849ed329f8790ae7"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "f4bbf7f015e1e55439c698632d62f89c"}, {"key": "title", "hash": "90c0ac1c478cc8e623d82c8fe7c6c101"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "7f3a136daed85387c6c66ddcc3582dc336653721f569187830c88bf8831d1767", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9938", "CVE-2017-8386"]}, {"type": "seebug", "idList": ["SSV:93096"]}, {"type": "centos", "idList": ["CESA-2017:2004"]}, {"type": "redhat", "idList": ["RHSA-2017:2004", "RHSA-2017:2491"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2017-2004.NASL", "ORACLELINUX_ELSA-2017-2004.NASL", "SL_20170801_GIT_ON_SL7_X.NASL", "EULEROS_SA-2017-1187.NASL", "EULEROS_SA-2017-1188.NASL", "UBUNTU_USN-3243-1.NASL", "SUSE_SU-2017-1357-1.NASL", "ALA_ALAS-2017-842.NASL", "FEDORA_2017-7EA0E02914.NASL", "FEDORA_2017-01A7989FC0.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871860", "OPENVAS:1361412562310843107", "OPENVAS:703848", "OPENVAS:1361412562310872675", "OPENVAS:1361412562310890938", "OPENVAS:1361412562310703848", "OPENVAS:1361412562310872721", "OPENVAS:1361412562310843161"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2004"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:926CF3F800861FCA5C7C29329B1991E8", "CFOUNDRY:69CE057373E45B8B47E6145E42562370"]}, {"type": "ubuntu", "idList": ["USN-3243-1", "USN-3287-1"]}, {"type": "gentoo", "idList": ["GLSA-201706-04"]}, {"type": "amazon", "idList": ["ALAS-2017-842"]}, {"type": "debian", "idList": ["DEBIAN:DLA-938-1:1A47A", "DEBIAN:DSA-3848-1:B78B9"]}, {"type": "myhack58", "idList": ["MYHACK58:62201786028"]}], "modified": "2019-02-21T01:32:36"}, "score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# CentOS Errata and Security Advisory 2017:2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102749);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"CentOS 7 : git (CESA-2017:2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f53b66c2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "102749", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:git-bzr"], "scheme": null}
{"cve": [{"lastseen": "2018-01-05T12:21:56", "bulletinFamily": "NVD", "description": "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.", "modified": "2018-01-04T21:29:58", "published": "2017-03-19T20:59:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9938", "id": "CVE-2014-9938", "title": "CVE-2014-9938", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:16:26", "bulletinFamily": "NVD", "description": "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.", "modified": "2018-10-30T12:27:32", "published": "2017-06-01T12:29:00", "id": "CVE-2017-8386", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8386", "title": "CVE-2017-8386", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T11:57:59", "bulletinFamily": "exploit", "description": "The git-shell is a restricted shell maintained by the git developers and is meant to be used as the upstream peer in a git remote session over a ssh tunnel. The basic idea behind this shell is to restrict the allowed commands in a ssh session to the ones required by git which are as follows:\r\n\r\n\r\n* git-receive-pack\r\n\t* Receives repository updates from the client.\r\n* git-upload-pack\r\n\t* Pushes repository updates to the client.\r\n* git-upload-archive\r\n\t* Pushes a repository archive to the client.\r\n\t\r\nBesides those built-in commands, an administrator can also provide it\u2019s own commands via shell scripts or other executable files. As those are typically completely custom, this post will concentrate on the built-in ones.\r\n\r\n\tNote: This has nothing to do with the also recently fixed vulnerabilities in gitlab [1] [2].\r\n\r\n\r\nIf you are familiar with git, you\u2019ll maybe know that most of the servers encapsulate the git protocol inside additional protocols like SSH or HTTP/S [3]. That\u2019s because the git protocol itself, while being a simple text based protocol [4], does not provide any authentication or protection mechanisms for the transferred data. The most common choice for write access to a repository is SSH as it provides multiple authentication mechanisms, a stable encryption, low protocol overhead once established and is widely approved.\r\n\r\nThe downside of using SSH is that it was primarily designed to provide a shell access to remote users (\u201cSecure SHell\u201d). Typically, one does not give that to git users. To restrict the connection to be used only for accessing repositories, one has to replace the original shell (typically bash or something similar) by another, more restrictive shell. Big hosting companies often implemented their own version which mimics the commands listed above. But it is also possible to use the shell provided by the git developers, which restricts you to use only whitelisted commands and calls them accordingly.\r\n\r\nThe setup is fairly simple. The recommended way is to create a dedicated git user on your server and use the git-shell command as the login shell for that user [5]. Another option is to use so called SSH force commands, which allows you to decide on a per client base (depending on the used key during authentication), but more on this later.\r\n\r\nIf you\u2019ve configured a ssh remote repository in your local repository, a git push essentially starts the following command (received data, sent data):\r\n\r\n```\r\nssh git@remoteserver \u201cgit-receive-pack \u2018/myrepository.git'\u201d\r\n008957d650a081a34bcbacdcdb5a94bddb506adfe8e0 refs/heads/develop report-status delete-refs side-band-64k quiet ofs-delta agent=git/2.1.4\r\n003fbe8910f121957e3326c4fdd328ab9aabd05abdb5 refs/heads/master\r\n00000000\r\n```\r\n\r\nIf both repositories have the same commits. If you try to execute commands which are not in this whitelist (either the builtin commands listed above or inside of a git-shell-commands directory in the home directory) you\u2019ll get an error that this command is not recognized. Typical command injection attacks also do not work, as there is no interactive shell used. Instead the command line is simply split by spaces (but respecting quotes) and used by execve. \r\n\r\nThis convinced me to take a look to the protocol handling binaries itself. Additionally, I remembered that git has an inbuilt help command which opens the man page for the given command. Example:\r\n```$ git help init```\r\n```\r\nGIT-INIT(1) Git Manual GIT-INIT(1)\r\n\r\nNAME\r\n git-init - Create an empty Git repository or reinitialize an existing one\r\n[...]\r\n```\r\nSome commands do also have the neat feature to invoke this command by using the \u2013help commandline option:\r\n```$ git init --help```\r\n```\r\nGIT-INIT(1) Git Manual GIT-INIT(1)\r\n\r\nNAME\r\ngit-init - Create an empty Git repository or reinitialize an existing one\r\n[...]\r\n```\r\nThis also applies to the commands git-receive-pack and git-upload-archive. If we try this on a server:\r\n```$ ssh git@remoteserver \"git-receive-pack '--help'\"```\r\n```\r\nGIT-RECEIVE-PACK(1) Git Manual GIT-RECEIVE-PACK(1)\r\n\r\nNAME\r\n git-receive-pack - Receive what is pushed into the repository\r\n[...]\r\n```\r\nNeat! But how does this help us to bypass the restrictions? On most systems, if you open a man page (by the man command), the man specification is parsed, rendered to an ANSI output and piped into a pager (most of the time the less command). This allows you to scroll and search within the main page, independent of your terminal size and capabilities.\r\n\r\nBesides being a simple pager, less has also some additional interactive features. It allows you for example to open additional files (for reading), write the current output to a logfile and execute system commands in the current shell (!). To be able to use those features, it is required to run less in interactive mode. This mode is automatically enabled if a pty is available. This is typically the case if you simply connect to a SSH server, but is not the case if you directly run commands (as we are required to do in the default git-shell configuration (no custom commands)). Luckily we can force the ssh client to allocate a pty (if it is not disabled on the server side, which is most of the time not the case):\r\n```$ ssh -t git@remoteserver \"git-receive-pack '--help'\"```\r\n```\r\nGIT-RECEIVE-PACK(1) Git Manual GIT-RECEIVE-PACK(1)\r\n\r\nNAME\r\n git-receive-pack - Receive what is pushed into the repository\r\n\r\n Manual page git-receive-pack(1) line 1 (press h for help or q to quit)\r\n ```\r\n Nice! We are now able to use all interactive features of less :-). In the recommended setup there is, however, one restriction. As I said before, the shell execution feature tries to execute commands in the current shell. This is the git-shell in our case, therefore we have the same restrictions here as if we had with the commands specified over ssh. Nevertheless, we are able to read files, list directories (by (ab)using the tab completion) and write the current shown output to a file (which might help us further if we are able to control a part of the output).\r\n \r\n \r\n \r\n But as you might remember from the beginning of the post, there is also a second method to use git-shell (although not that common, as far as I can tell). This could for example be used if you want to restrict only a subset of the users with access to your hosted repositories, or if you are not allowed to change the shell for your git user (e.g. in a managed environment without root access).\r\n\r\nThis time, we leave the the login shell as is (bash) and restrict the users by specifying the git-shell command in the .ssh/authorized_keys file. Example:\r\n```\r\ncommand=\"git-shell -c \\\"$SSH_ORIGINAL_COMMAND\\\"\" ssh-rsa AAAAB3NzaC1yc2EA[...]\r\n```\r\nThis behaves exactly the same as if it was configured as the login shell, except that less is able to run commands in the login shell\r\n\r\n\r\n\r\nBut it has to be noted here, that you are able to supply additional (optin) flags to the forced command which restrict the ssh features. The most notable flag is the no-pty flag [6]. This prevents clients from requesting a pty and therefore does not allow to run less in an interactive mode.\r\n\r\nI recommend to update to one of the fixed versions v2.4.12, v2.5.6, v2.6.7, v2.7.5, v2.8.5, v2.9.4, v2.10.3, v2.11.2, v2.12.3 or v2.13.0.\r\n\r\nBest,\r\n\r\nTimo\r\n\r\n@bluec0re\r\n\r\n##### Timeline\r\n\r\n2017-04-25 Reported to the git-security mailing list\r\n2017-05-01 Assigned CVE-2017-8386\r\n2017-05-10 Release of the fixed versions v2.4.12, v2.5.6, v2.6.7, v2.7.5, v2.8.5, v2.9.4, v2.10.3, v2.11.2, v2.12.3 and v2.13.0\r\n##### References\r\n\r\n* [1] https://about.gitlab.com/2017/04/05/gitlab-9-dot-0-dot-4-security-release/\r\n* [2] https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/\r\n* [3] https://git-scm.com/book/no-nb/v1/Git-on-the-Server-The-Protocols\r\n* [4] https://github.com/git/git/blob/master/Documentation/technical/pack-protocol.txt\r\n* [5] https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server\r\n* [6] http://man.openbsd.org/sshd#command=\u201dcommand\u201d", "modified": "2017-05-11T00:00:00", "published": "2017-05-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-93096", "id": "SSV:93096", "type": "seebug", "title": "Git Shell Bypass By Abusing Less (CVE-2017-8386)", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:54", "bulletinFamily": "unix", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "modified": "2018-04-12T03:32:45", "published": "2017-08-01T09:57:16", "id": "RHSA-2017:2004", "href": "https://access.redhat.com/errata/RHSA-2017:2004", "type": "redhat", "title": "(RHSA-2017:2004) Moderate: git security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:38", "bulletinFamily": "unix", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* A shell command injection flaw related to the handling of \"ssh\" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a \"clone\" action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)", "modified": "2018-06-13T01:28:16", "published": "2017-08-18T01:33:27", "id": "RHSA-2017:2491", "href": "https://access.redhat.com/errata/RHSA-2017:2491", "type": "redhat", "title": "(RHSA-2017:2491) Important: rh-git29-git security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:32:11", "bulletinFamily": "scanner", "description": "An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2017-2004.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=102110", "published": "2017-08-02T00:00:00", "title": "RHEL 7 : git (RHSA-2017:2004)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2004. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102110);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/26 11:02:16\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2017:2004)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-8386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2004\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-debuginfo-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:32:32", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n (CVE-2014-9938)\n\n - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options.\n (CVE-2017-8386)", "modified": "2018-12-27T00:00:00", "id": "SL_20170801_GIT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=102640", "published": "2017-08-22T00:00:00", "title": "Scientific Linux Security Update : git on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102640);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n\n script_name(english:\"Scientific Linux Security Update : git on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that the git-prompt.sh script shipped with\n git failed to correctly handle branch names containing\n special characters. A specially crafted git repository\n could use this flaw to execute arbitrary commands if a\n user working with the repository configured their shell\n to include repository information in the prompt.\n (CVE-2014-9938)\n\n - A flaw was found in the way git-shell handled\n command-line options for the restricted set of git-shell\n commands. A remote, authenticated attacker could use\n this flaw to bypass git-shell restrictions, to view and\n manipulate files, by abusing the instance of the less\n command launched using crafted command-line options.\n (CVE-2017-8386)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=18176\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38e4a5af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:32:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2017:2004 :\n\nAn update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "modified": "2018-07-24T00:00:00", "id": "ORACLELINUX_ELSA-2017-2004.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=102294", "published": "2017-08-09T00:00:00", "title": "Oracle Linux 7 : git (ELSA-2017-2004)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2004 and \n# Oracle Linux Security Advisory ELSA-2017-2004 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102294);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\");\n script_xref(name:\"RHSA\", value:\"2017:2004\");\n\n script_name(english:\"Oracle Linux 7 : git (ELSA-2017-2004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2004 :\n\nAn update for git is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nSecurity Fix(es) :\n\n* It was found that the git-prompt.sh script shipped with git failed\nto correctly handle branch names containing special characters. A\nspecially crafted git repository could use this flaw to execute\narbitrary commands if a user working with the repository configured\ntheir shell to include repository information in the prompt.\n(CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options\nfor the restricted set of git-shell commands. A remote, authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007085.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-11.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-11.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:32:47", "bulletinFamily": "scanner", "description": "According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n (CVE-2014-9938)\n\n - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\n - A shell command injection flaw related to the handling of ''ssh'' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a ''clone'' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2017-1187.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103025", "published": "2017-09-08T00:00:00", "title": "EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103025);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2014-9938\",\n \"CVE-2017-1000117\",\n \"CVE-2017-8386\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that the git-prompt.sh script shipped with\n git failed to correctly handle branch names containing\n special characters. A specially crafted git repository\n could use this flaw to execute arbitrary commands if a\n user working with the repository configured their shell\n to include repository information in the prompt.\n (CVE-2014-9938)\n\n - A flaw was found in the way git-shell handled\n command-line options for the restricted set of\n git-shell commands. A remote, authenticated attacker\n could use this flaw to bypass git-shell restrictions,\n to view and manipulate files, by abusing the instance\n of the less command launched using crafted command-line\n options. (CVE-2017-8386)\n\n - A shell command injection flaw related to the handling\n of ''ssh'' URLs has been discovered in Git. An attacker\n could use this flaw to execute shell commands with the\n privileges of the user running the Git client, for\n example, when performing a ''clone'' action on a\n malicious repository or a legitimate repository\n containing a malicious commit. (CVE-2017-1000117)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1187\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?269848e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2017-1000117');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:32:47", "bulletinFamily": "scanner", "description": "According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.\n (CVE-2014-9938)\n\n - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\n - A shell command injection flaw related to the handling of ''ssh'' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a ''clone'' action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2017-1188.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103026", "published": "2017-09-08T00:00:00", "title": "EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103026);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2014-9938\",\n \"CVE-2017-1000117\",\n \"CVE-2017-8386\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that the git-prompt.sh script shipped with\n git failed to correctly handle branch names containing\n special characters. A specially crafted git repository\n could use this flaw to execute arbitrary commands if a\n user working with the repository configured their shell\n to include repository information in the prompt.\n (CVE-2014-9938)\n\n - A flaw was found in the way git-shell handled\n command-line options for the restricted set of\n git-shell commands. A remote, authenticated attacker\n could use this flaw to bypass git-shell restrictions,\n to view and manipulate files, by abusing the instance\n of the less command launched using crafted command-line\n options. (CVE-2017-8386)\n\n - A shell command injection flaw related to the handling\n of ''ssh'' URLs has been discovered in Git. An attacker\n could use this flaw to execute shell commands with the\n privileges of the user running the Git client, for\n example, when performing a ''clone'' action on a\n malicious repository or a legitimate repository\n containing a malicious commit. (CVE-2017-1000117)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1188\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2e70457\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2017-1000117');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:49", "bulletinFamily": "scanner", "description": "It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3243-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=97938", "published": "2017-03-24T00:00:00", "title": "Ubuntu 14.04 LTS : git vulnerability (USN-3243-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3243-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97938);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/12/01 15:12:41\");\n\n script_cve_id(\"CVE-2014-9938\");\n script_xref(name:\"USN\", value:\"3243-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : git vulnerability (USN-3243-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Git incorrectly sanitized branch names in the\nPS1 variable when configured to display the repository status in the\nshell prompt. If a user were tricked into exploring a malicious\nrepository, a remote attacker could use this issue to execute\narbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3243-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"git\", pkgver:\"1:1.9.1-1ubuntu0.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:31:52", "bulletinFamily": "scanner", "description": "An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mt v.corp.google.com/) :\n\n... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (CVE-2017-8386).\n\nThe announcement also notes :\n\nIf you are not running a server, or if your server has not been explicitly configured to use git-shell as a login shell, you are not affected. Also note that sites running 'git shell' behind gitolite are NOT vulnerable. \n\nFurther details can be found in the commit message which fixed the issue ([3ec804490](https://github.com/git/git/commit/3ec804490)).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-02-02T00:00:00", "id": "FEDORA_2017-7EA0E02914.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101665", "published": "2017-07-17T00:00:00", "title": "Fedora 26 : git (2017-7ea0e02914)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-7ea0e02914.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101665);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/02/02 14:51:02 $\");\n\n script_cve_id(\"CVE-2017-8386\");\n script_xref(name:\"FEDORA\", value:\"2017-7ea0e02914\");\n\n script_name(english:\"Fedora 26 : git (2017-7ea0e02914)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An issue in `git-shell` could allow remote users to run an interactive\npager. From the [update\nannouncement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mt\nv.corp.google.com/) :\n\n... fix a recently disclosed problem with 'git shell', which may allow\na user who comes over SSH to run an interactive pager by causing it to\nspawn 'git upload-pack --help' (CVE-2017-8386).\n\nThe announcement also notes :\n\nIf you are not running a server, or if your server has not been\nexplicitly configured to use git-shell as a login shell, you are not\naffected. Also note that sites running 'git shell' behind gitolite are\nNOT vulnerable. \n\nFurther details can be found in the commit message which fixed the\nissue ([3ec804490](https://github.com/git/git/commit/3ec804490)).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-7ea0e02914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/git/git/commit/3ec804490\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"git-2.13.0-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:30:53", "bulletinFamily": "scanner", "description": "Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3287-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=100218", "published": "2017-05-16T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : git vulnerability (USN-3287-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3287-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100218);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:41\");\n\n script_cve_id(\"CVE-2017-8386\");\n script_xref(name:\"USN\", value:\"3287-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : git vulnerability (USN-3287-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Timo Schmid discovered that the Git restricted shell incorrectly\nfiltered allowed commands. A remote attacker could possibly use this\nissue to run an interactive pager and access sensitive information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3287-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"git\", pkgver:\"1:1.9.1-1ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"git\", pkgver:\"1:2.7.4-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"git\", pkgver:\"1:2.9.3-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"git\", pkgver:\"1:2.11.0-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:30:53", "bulletinFamily": "scanner", "description": "An issue in `git-shell` could allow remote users to run an interactive pager. From the [update announcement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mt v.corp.google.com/) :\n\n... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' (CVE-2017-8386).\n\nThe announcement also notes :\n\nIf you are not running a server, or if your server has not been explicitly configured to use git-shell as a login shell, you are not affected. Also note that sites running 'git shell' behind gitolite are NOT vulnerable. \n\nFurther details can be found in the commit message which fixed the issue ([3ec804490](https://github.com/git/git/commit/3ec804490)).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-02-02T00:00:00", "id": "FEDORA_2017-F4319B6DFC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=100200", "published": "2017-05-16T00:00:00", "title": "Fedora 25 : git (2017-f4319b6dfc)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f4319b6dfc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100200);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/02/02 14:59:07 $\");\n\n script_cve_id(\"CVE-2017-8386\");\n script_xref(name:\"FEDORA\", value:\"2017-f4319b6dfc\");\n\n script_name(english:\"Fedora 25 : git (2017-f4319b6dfc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An issue in `git-shell` could allow remote users to run an interactive\npager. From the [update\nannouncement](https://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mt\nv.corp.google.com/) :\n\n... fix a recently disclosed problem with 'git shell', which may allow\na user who comes over SSH to run an interactive pager by causing it to\nspawn 'git upload-pack --help' (CVE-2017-8386).\n\nThe announcement also notes :\n\nIf you are not running a server, or if your server has not been\nexplicitly configured to use git-shell as a login shell, you are not\naffected. Also note that sites running 'git shell' behind gitolite are\nNOT vulnerable. \n\nFurther details can be found in the commit message which fixed the\nissue ([3ec804490](https://github.com/git/git/commit/3ec804490)).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f4319b6dfc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/git/git/commit/3ec804490\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"git-2.9.4-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:31:09", "bulletinFamily": "scanner", "description": "Escape out of git-shell\n\nA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2017-842.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=100643", "published": "2017-06-07T00:00:00", "title": "Amazon Linux AMI : git (ALAS-2017-842)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-842.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100643);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-8386\");\n script_xref(name:\"ALAS\", value:\"2017-842\");\n\n script_name(english:\"Amazon Linux AMI : git (ALAS-2017-842)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Escape out of git-shell\n\nA flaw was found in the way git-shell handled command-line options for\nthe restricted set of git-shell commands. A remote authenticated\nattacker could use this flaw to bypass git-shell restrictions, to view\nand manipulate files, by abusing the instance of the less command\nlaunched using crafted command-line options. (CVE-2017-8386)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-842.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-el-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-all-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-bzr-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-cvs-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-daemon-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-debuginfo-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-email-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-hg-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-p4-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-svn-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gitweb-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-2.7.5-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-SVN-2.7.5-1.49.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:28", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:2004\n\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938)\n\n* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html\n\n**Affected packages:**\nemacs-git\nemacs-git-el\ngit\ngit-all\ngit-bzr\ngit-cvs\ngit-daemon\ngit-email\ngit-gui\ngit-hg\ngit-p4\ngit-svn\ngitk\ngitweb\nperl-Git\nperl-Git-SVN\n\n**Upstream details at:**\n", "modified": "2017-08-24T01:37:18", "published": "2017-08-24T01:37:18", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004134.html", "id": "CESA-2017:2004", "title": "emacs, git, gitk, gitweb, perl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-23T15:07:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310871860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871860", "title": "RedHat Update for git RHSA-2017:2004-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2004-01_git.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for git RHSA-2017:2004-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871860\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:23 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2014-9938\", \"CVE-2017-8386\", \"CVE-2011-2192\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for git RHSA-2017:2004-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Git is a distributed revision control system\n with a decentralized architecture. As opposed to centralized version control\n systems with a client-server model, Git ensures that each working copy of a Git\n repository is an exact copy with complete revision history. This not only allows\n the user to work on and contribute to projects without the need to have\n permission to push the changes to their official repositories, but also makes it\n possible for the user to work with no network connection. Security Fix(es): * It\n was found that the git-prompt.sh script shipped with git failed to correctly\n handle branch names containing special characters. A specially crafted git\n repository could use this flaw to execute arbitrary commands if a user working\n with the repository configured their shell to include repository information in\n the prompt. (CVE-2014-9938) * A flaw was found in the way git-shell handled\n command-line options for the restricted set of git-shell commands. A remote,\n authenticated attacker could use this flaw to bypass git-shell restrictions, to\n view and manipulate files, by abusing the instance of the less command launched\n using crafted command-line options. (CVE-2017-8386) Additional Changes: For\n detailed information on changes in this release, see the Red Hat Enterprise\n Linux 7.4 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"git on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2004-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00025.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~11.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~11.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"git-debuginfo\", rpm:\"git-debuginfo~1.8.3.1~11.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-14T14:20:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-03-24T00:00:00", "id": "OPENVAS:1361412562310843107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843107", "title": "Ubuntu Update for git USN-3243-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for git USN-3243-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843107\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-24 05:48:39 +0100 (Fri, 24 Mar 2017)\");\n script_cve_id(\"CVE-2014-9938\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for git USN-3243-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Git incorrectly\n sanitized branch names in the PS1 variable when configured to display the\n repository status in the shell prompt. If a user were tricked into exploring a\n malicious repository, a remote attacker could use this issue to execute\n arbitrary code.\");\n script_tag(name:\"affected\", value:\"git on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3243-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3243-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:1.9.1-1ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-14T14:20:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-05-15T00:00:00", "id": "OPENVAS:1361412562310843161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843161", "title": "Ubuntu Update for git USN-3287-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for git USN-3287-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843161\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-15 17:55:26 +0200 (Mon, 15 May 2017)\");\n script_cve_id(\"CVE-2017-8386\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for git USN-3287-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Timo Schmid discovered that the Git\n restricted shell incorrectly filtered allowed commands. A remote attacker could\n possibly use this issue to run an interactive pager and access sensitive\n information.\");\n script_tag(name:\"affected\", value:\"git on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3287-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3287-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:1.9.1-1ubuntu0.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.11.0-2ubuntu0.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.9.3-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.7.4-0ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:34", "bulletinFamily": "scanner", "description": "Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn ", "modified": "2017-07-07T00:00:00", "published": "2017-05-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703848", "id": "OPENVAS:703848", "title": "Debian Security Advisory DSA 3848-1 (git - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3848.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3848-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703848);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-8386\");\n script_name(\"Debian Security Advisory DSA 3848-1 (git - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-05-10 00:00:00 +0200 (Wed, 10 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3848.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"git on Debian Linux\");\n script_tag(name: \"insight\", value: \"Git is popular version control system designed to handle very large\nprojects with speed and efficiency; it is used for many high profile\nopen source projects, most notably the Linux kernel.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.4-2.1+deb8u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.11.0-3.\n\nWe recommend that you upgrade your git packages.\");\n script_tag(name: \"summary\", value: \"Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn 'git upload-pack --help'.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.1.4-2.1+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-19T12:30:27", "bulletinFamily": "scanner", "description": "Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn ", "modified": "2019-03-18T00:00:00", "published": "2017-05-10T00:00:00", "id": "OPENVAS:1361412562310703848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703848", "title": "Debian Security Advisory DSA 3848-1 (git - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3848.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3848-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703848\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-8386\");\n script_name(\"Debian Security Advisory DSA 3848-1 (git - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 00:00:00 +0200 (Wed, 10 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3848.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"git on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.4-2.1+deb8u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.11.0-3.\n\nWe recommend that you upgrade your git packages.\");\n script_tag(name:\"summary\", value:\"Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn 'git upload-pack --help'.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"git\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.1.4-2.1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:28:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-15T00:00:00", "id": "OPENVAS:1361412562310872675", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872675", "title": "Fedora Update for git FEDORA-2017-f4319b6dfc", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for git FEDORA-2017-f4319b6dfc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872675\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-15 15:18:26 +0200 (Mon, 15 May 2017)\");\n script_cve_id(\"CVE-2017-8386\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for git FEDORA-2017-f4319b6dfc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"git on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f4319b6dfc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~2.9.4~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-19T12:27:14", "bulletinFamily": "scanner", "description": "Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn ", "modified": "2019-03-18T00:00:00", "published": "2018-01-25T00:00:00", "id": "OPENVAS:1361412562310890938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890938", "title": "Debian LTS Advisory ([SECURITY] [DLA 938-1] git security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_938.nasl 14281 2019-03-18 14:53:48Z cfischer $\n#\n# Auto-generated from advisory DLA 938-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890938\");\n script_version(\"$Revision: 14281 $\");\n script_cve_id(\"CVE-2017-8386\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 938-1] git security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:53:48 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-25 00:00:00 +0100 (Thu, 25 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00008.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"git on Debian Linux\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1:1.7.10.4-1+wheezy4.\n\nWe recommend that you upgrade your git packages.\");\n script_tag(name:\"summary\", value:\"Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn 'git upload-pack --help'.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"git\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-all\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-core\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-el\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-email\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-man\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gitk\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:1.7.10.4-1+wheezy4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:29:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-28T00:00:00", "id": "OPENVAS:1361412562310872721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872721", "title": "Fedora Update for git FEDORA-2017-01a7989fc0", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for git FEDORA-2017-01a7989fc0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872721\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-28 07:09:49 +0200 (Sun, 28 May 2017)\");\n script_cve_id(\"CVE-2017-8386\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for git FEDORA-2017-01a7989fc0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"git on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-01a7989fc0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"git\", rpm:\"git~2.7.5~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:26:07", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nIt was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.111.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.111.0 or later.\n\n# References\n\n * [USN-3243-1](<http://www.ubuntu.com/usn/usn-3243-1/>)\n * [CVE-2014-9938](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9938>)\n", "modified": "2017-04-04T00:00:00", "published": "2017-04-04T00:00:00", "id": "CFOUNDRY:926CF3F800861FCA5C7C29329B1991E8", "href": "https://www.cloudfoundry.org/blog/usn-3243-1/", "title": "USN-3243-1: Git vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-07T03:25:39", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nTimo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.120.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.120.0 or later.\n\n# References\n\n * [USN-3287-1](<http://www.ubuntu.com/usn/usn-3287-1/>)\n * [CVE-2017-8386](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8386>)\n * [bosh.io](<https://bosh.io>)\n", "modified": "2017-05-26T00:00:00", "published": "2017-05-26T00:00:00", "id": "CFOUNDRY:69CE057373E45B8B47E6145E42562370", "href": "https://www.cloudfoundry.org/blog/usn-3287-1/", "title": "USN-3287-1: Git vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:27", "bulletinFamily": "unix", "description": "It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code.", "modified": "2017-03-23T00:00:00", "published": "2017-03-23T00:00:00", "id": "USN-3243-1", "href": "https://usn.ubuntu.com/3243-1/", "title": "Git vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:35", "bulletinFamily": "unix", "description": "Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.", "modified": "2017-05-15T00:00:00", "published": "2017-05-15T00:00:00", "id": "USN-3287-1", "href": "https://usn.ubuntu.com/3287-1/", "title": "Git vulnerability", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:06", "bulletinFamily": "unix", "description": "[1.8.3.1-11]\n- dissalow repo names beginning with dash\n Resolves: CVE-2017-8386\n[-1.8.3.1-10]\n- do not put unsanitized branch names in \n Resolves: CVE-2014-9938\n[-1.8.3.1-9]\n- add control of GSSAPI credential delegation to enable HTTP(S)-SSO\n authentication\n Resolves: #1369173\n[1.8.3.1-8]\n- remove needles check of xmalloc from previous patch\n Resolves: #1318255\n[1.8.3.1-7]\n- fix heap overflow CVE-2016-2315 CVE-2016-2324\n Resolves: #1318255", "modified": "2017-08-07T00:00:00", "published": "2017-08-07T00:00:00", "id": "ELSA-2017-2004", "href": "http://linux.oracle.com/errata/ELSA-2017-2004.html", "title": "git security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2017-06-06T09:13:54", "bulletinFamily": "unix", "description": "### Background\n\nGit is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. \n\n### Description\n\nTimo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. \n\n### Impact\n\nA remote attacker could possibly bypass security restrictions and access sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Git users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/git-2.13.0\"", "modified": "2017-06-06T00:00:00", "published": "2017-06-06T00:00:00", "href": "https://security.gentoo.org/glsa/201706-04", "id": "GLSA-201706-04", "title": "Git: Security bypass", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2018-10-16T22:12:59", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3848-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 10, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : git\nCVE ID : CVE-2017-8386\n\nTimo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn "git upload-pack --help".\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.4-2.1+deb8u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.11.0-3.\n\nWe recommend that you upgrade your git packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-05-10T06:41:56", "published": "2017-05-10T06:41:56", "id": "DEBIAN:DSA-3848-1:B78B9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00107.html", "title": "[SECURITY] [DSA 3848-1] git security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:19", "bulletinFamily": "unix", "description": "Package : git\nVersion : 1:1.7.10.4-1+wheezy4\nCVE ID : CVE-2017-8386\n\nTimo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn "git upload-pack --help".\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:1.7.10.4-1+wheezy4.\n\nWe recommend that you upgrade your git packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-05-10T19:56:18", "published": "2017-05-10T19:56:18", "id": "DEBIAN:DLA-938-1:1A47A", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201705/msg00008.html", "title": "[SECURITY] [DLA 938-1] git security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:16", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nEscape out of git-shell \nA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. ([CVE-2017-8386 __](<https://access.redhat.com/security/cve/CVE-2017-8386>))\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n git-daemon-2.7.5-1.49.amzn1.i686 \n git-2.7.5-1.49.amzn1.i686 \n git-svn-2.7.5-1.49.amzn1.i686 \n git-debuginfo-2.7.5-1.49.amzn1.i686 \n \n noarch: \n perl-Git-SVN-2.7.5-1.49.amzn1.noarch \n git-cvs-2.7.5-1.49.amzn1.noarch \n perl-Git-2.7.5-1.49.amzn1.noarch \n git-all-2.7.5-1.49.amzn1.noarch \n git-p4-2.7.5-1.49.amzn1.noarch \n gitweb-2.7.5-1.49.amzn1.noarch \n emacs-git-2.7.5-1.49.amzn1.noarch \n git-hg-2.7.5-1.49.amzn1.noarch \n emacs-git-el-2.7.5-1.49.amzn1.noarch \n git-email-2.7.5-1.49.amzn1.noarch \n git-bzr-2.7.5-1.49.amzn1.noarch \n \n src: \n git-2.7.5-1.49.amzn1.src \n \n x86_64: \n git-svn-2.7.5-1.49.amzn1.x86_64 \n git-debuginfo-2.7.5-1.49.amzn1.x86_64 \n git-2.7.5-1.49.amzn1.x86_64 \n git-daemon-2.7.5-1.49.amzn1.x86_64 \n \n \n", "modified": "2017-06-06T22:51:00", "published": "2017-06-06T22:51:00", "id": "ALAS-2017-842", "href": "https://alas.aws.amazon.com/ALAS-2017-842.html", "title": "Medium: git", "type": "amazon", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "myhack58": [{"lastseen": "2017-05-11T11:22:06", "bulletinFamily": "info", "description": "git-shell git remote session on the introduction of a ssh tunnel, is a restricted shell. Its the basic idea behind is, in the ssh session limit to be able to execute the command, so that it can only execute git needs the appropriate command. git needs to execute the command as follows: \ngit-receive-pack \nBusiness repository updates from the client. \ngit-upload-pack \nPushes repository updates to the client. \ngit-upload-archive \nPushes a repository archive to the client. \nIn addition to the above several own command, the administrator can also through the shell script file or other executable file to provide a custom command. Since these customizations are completely custom, so here the main discussion that comes with command. \nIf you are familiar with git, then you probably know most of the server will be the git Protocol is encapsulated in the SSH, HTTP/S[3]Protocol. This is because the git Protocol is based on a simple text Protocol[4], in the data transmission does not provide any authentication or protection mechanism. The usual practice is to use the SSH Protocol for repository write access control, because the SSH Protocol itself provides a variety of authentication mechanism and reliable encryption, low Protocol overhead. \nUsing SSH drawback is that the beginning of the period SSH to the remote user with Shell access. And usually, the git user does not have shell access. In order to restrict connections, so that it is only able to access the repository, we need the original shell typical is the bash shell, or similar to replace for a more restricted shell. Mainframe vendors are usually their own achieve the above git commands. But you can also use the git developers with the shell the shell is limited to only allow the call to execute the whitelist command. \nBuild process is very simple. Comparison of recommendations on the server the server creates a specific user, and use the git-shell command as \nThe user's login shell[5]. Fig. Another way is to use SSH force command, is that you can for each client limit is dependent on the login process using the key, the latter will also introduce other ways. \nIf the local repository set up remote access to the repository, the git push command essentially executes the following command: \nssh git@remoteserver \u201cgit-receive-pack \u2018/myrepository. git'\u201d \n008957d650a081a34bcbacdcdb5a94bddb506adfe8e0 refs/heads/develop report-status delete-refs side-band-64k quiet ofs-delta agent=git/2.1.4 \n003fbe8910f121957e3326c4fdd328ab9aabd05abdb5 refs/heads/master \n00000000 \nIf the two repository with the same commit, if the execution command is not in the whitelist and not listed above that comes with the command, nor in the home directory under git-shell-commands directory, then the error message prompt the command is not recognized. Since it is not an interactive shell, a typical command injection attack here does not apply. On the contrary, command line only separated by a space open\uff08quotation marks contains the whole, and is execve implementation. \nThe above situation, let me more to consider assignment Protocol processing of the binary file itself. git itself provides a help command for a specific command to open the help page(man page), as the init command: \n$ git help init \nGIT-INIT(1) Git Manual GIT-INIT(1) \n\nNAME \ngit-init - Create an empty Git repository or reinitialize an existing one \n[...] \nSome other commands can also be through the-help parameter to display the command corresponding to the help page, as shown below: \n$ git init --help \nGIT-INIT(1) Git Manual GIT-INIT(1) \n\nNAME \ngit-init - Create an empty Git repository or reinitialize an existing one \n[...] \nSimilarly, this also applies to the git-receive-pack, git-upload-archive command. On the server run git-receive-pack-help command, as shown below: \n$ ssh git@remoteserver \"git-receive-pack '--help'\" \nGIT-RECEIVE-PACK(1) Git Manual GIT-RECEIVE-PACK(1) \n\nNAME \ngit-receive-pack - Receive what is pushed into the repository \n[...] \nBut how can I bypass to be able to execute the command limit? On most systems, if you use the man command opens the help page, man specification is parsed, rendering, and ANSI output is piped to the pager, usually less. So that we can scroll and search the help page, and with the terminal the terminal is strong and capacity is irrelevant. \nIn addition to being a simple pager, the less command also has additional interactive features. It allows you to open the other file and read the output current is output to the log file in the current shell execution of system commands. You want to be able to take advantage of these features, the need in the interactive mode run the less command. In pty the available case, the interactive mode is available. Usually SSH connection to the server, pty is enabled, but running directly the command's pty is not available. Fortunately, we can force the ssh client to allocate a pty as long as the server side does not disable it, usually the server does not disable it. Run the example as follows: \n$ ssh-t git@remoteserver \"git-receive-pack '--help'\" \nGIT-RECEIVE-PACK(1) Git Manual GIT-RECEIVE-PACK(1) \n\nNAME \ngit-receive-pack - Receive what is pushed into the repository \nManual page git-receive-pack(1) line 1 (press h for help or q to quit) \nNow we can use the less command of the interactive features. The above recommendations of the establishment mode has a limit, that is due to the shell implementation of any course is in the current git-shell environment, before git-shell for ssh can execute command limitations also apply to this time to execute the command. Anyway, our limit can be read in the file, list the directory using tab completion, and the currently displayed result is output to the file if the able to control the portion of the file content, the role of the more \n\n\n**[1] [[2]](<86028_2.htm>) [next](<86028_2.htm>)**\n", "modified": "2017-05-11T00:00:00", "published": "2017-05-11T00:00:00", "id": "MYHACK58:62201786028", "href": "http://www.myhack58.com/Article/html/3/62/2017/86028.htm", "title": "CVE-2017-8386: using the less command to bypass the git-shell limit-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}]}
