EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1266)

🗓️ 01 Nov 2017 00:00:00Reported by TenableType

EulerOS 2.0 SP2 git vulnerability CVE-2017-1486

Reporter	Title	Published	Views	Family All 67
ALT Linux	Security fix for the ALT Linux 8 package git version 2.10.5-alt1	22 Sep 201700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package git version 2.10.5-alt1	22 Sep 201700:00	–	altlinux
Amazon	Medium: git	12 Oct 201700:00	–	amazon
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private	20 Jul 201818:56	–	ibm
BDU FSTEC	The vulnerability of the distributed Git version control system, related to insufficient validation of input data, allows a hacker to execute arbitrary operating system commands.	3 Nov 201700:00	–	bdu_fstec
CBLMariner	CVE-2017-14867 affecting package git for versions less than 2.45.2-1	22 Jul 202423:01	–	cbl_mariner
Cloud Foundry	USN-3438-1: Git vulnerability \| Cloud Foundry	6 Oct 201700:00	–	cloudfoundry
CNVD	Git OS Command Injection Vulnerability	29 Sep 201700:00	–	cnvd
CVE	CVE-2017-14867	28 Sep 201714:00	–	cve
Cvelist	CVE-2017-14867	28 Sep 201714:00	–	cvelist

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(104291);
  script_version("3.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/17");

  script_cve_id("CVE-2017-14867");

  script_name(english:"EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1266)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the git packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before
    2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2
    uses unsafe Perl scripts to support subcommands such as
    cvsserver, which allows attackers to execute arbitrary
    OS commands via shell metacharacters in a module
    name.(CVE-2017-14867)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1266
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?908c15e7");
  script_set_attribute(attribute:"solution", value:
"Update the affected git package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14867");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["git-1.8.3.1-12.h1",
        "perl-Git-1.8.3.1-12.h1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}

17 Nov 2025 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 38.8

CVSS 29

EPSS0.36003