Debian DLA-938-1 : git security update

2017-05-1100:00:00

www.tenable.com

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn ‘git upload-pack --help’.

For Debian 7 ‘Wheezy’, these problems have been fixed in version 1:1.7.10.4-1+wheezy4.

We recommend that you upgrade your git packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-938-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(100110);
  script_version("3.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2017-8386");

  script_name(english:"Debian DLA-938-1 : git security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Timo Schmid of ERNW GmbH discovered that the Git git-shell, a
restricted login shell for Git-only SSH access, allows a user to run
an interactive pager by causing it to spawn 'git upload-pack --help'.

For Debian 7 'Wheezy', these problems have been fixed in version
1:1.7.10.4-1+wheezy4.

We recommend that you upgrade your git packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2017/05/msg00008.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/git"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-arch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-daemon-run");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-daemon-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gitweb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"git", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-all", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-arch", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-core", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-cvs", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-daemon-run", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-daemon-sysvinit", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-doc", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-el", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-email", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-gui", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-man", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"git-svn", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"gitk", reference:"1:1.7.10.4-1+wheezy4")) flag++;
if (deb_check(release:"7.0", prefix:"gitweb", reference:"1:1.7.10.4-1+wheezy4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxgitp-cpe:/a:debian:debian_linux:git
debiandebian_linuxgit-allp-cpe:/a:debian:debian_linux:git-all
debiandebian_linuxgit-archp-cpe:/a:debian:debian_linux:git-arch
debiandebian_linuxgit-corep-cpe:/a:debian:debian_linux:git-core
debiandebian_linuxgit-cvsp-cpe:/a:debian:debian_linux:git-cvs
debiandebian_linuxgit-daemon-runp-cpe:/a:debian:debian_linux:git-daemon-run
debiandebian_linuxgit-daemon-sysvinitp-cpe:/a:debian:debian_linux:git-daemon-sysvinit
debiandebian_linuxgit-docp-cpe:/a:debian:debian_linux:git-doc
debiandebian_linuxgit-elp-cpe:/a:debian:debian_linux:git-el
debiandebian_linuxgit-emailp-cpe:/a:debian:debian_linux:git-email

Vendor	Product	Version	CPE
debian	debian_linux	git	p-cpe:/a:debian:debian_linux:git
debian	debian_linux	git-all	p-cpe:/a:debian:debian_linux:git-all
debian	debian_linux	git-arch	p-cpe:/a:debian:debian_linux:git-arch
debian	debian_linux	git-core	p-cpe:/a:debian:debian_linux:git-core
debian	debian_linux	git-cvs	p-cpe:/a:debian:debian_linux:git-cvs
debian	debian_linux	git-daemon-run	p-cpe:/a:debian:debian_linux:git-daemon-run
debian	debian_linux	git-daemon-sysvinit	p-cpe:/a:debian:debian_linux:git-daemon-sysvinit
debian	debian_linux	git-doc	p-cpe:/a:debian:debian_linux:git-doc
debian	debian_linux	git-el	p-cpe:/a:debian:debian_linux:git-el
debian	debian_linux	git-email	p-cpe:/a:debian:debian_linux:git-email