Fedora 25 : git (2017-f4319b6dfc)

🗓️ 16 May 2017 00:00:00Reported by TenableType

Issue in 'git-shell' allows remote users to run interactive page

Reporter	Title	Published	Views	Family All 86
ALT Linux	Security fix for the ALT Linux 10 package git version 2.10.3-alt1	11 May 201700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package git version 2.10.3-alt1	11 May 201700:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Vulnerabilities in git affect PowerKVM	18 Jun 201801:38	–	ibm
Amazon	Medium: git	6 Jun 201700:00	–	amazon
Tenable Nessus	Amazon Linux AMI : git (ALAS-2017-842)	7 Jun 201700:00	–	nessus
Tenable Nessus	CentOS 7 : git (CESA-2017:2004)	25 Aug 201700:00	–	nessus
Tenable Nessus	Debian DLA-938-1 : git security update	11 May 201700:00	–	nessus
Tenable Nessus	Debian DSA-3848-1 : git - security update	11 May 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)	8 Sep 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188)	8 Sep 201700:00	–	nessus

Source	Link
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2017-f4319b6dfc
github	www.github.com/git/git/commit/3ec804490
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-f4319b6dfc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(100200);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/18");

  script_cve_id("CVE-2017-8386");
  script_xref(name:"FEDORA", value:"2017-f4319b6dfc");

  script_name(english:"Fedora 25 : git (2017-f4319b6dfc)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"An issue in `git-shell` could allow remote users to run an interactive
pager. From the [update
announcement](https://public-inbox.org/git/[email protected]
v.corp.google.com/) :

... fix a recently disclosed problem with 'git shell', which may allow
a user who comes over SSH to run an interactive pager by causing it to
spawn 'git upload-pack --help' (CVE-2017-8386).

The announcement also notes :

If you are not running a server, or if your server has not been
explicitly configured to use git-shell as a login shell, you are not
affected. Also note that sites running 'git shell' behind gitolite are
NOT vulnerable. 

Further details can be found in the commit message which fixed the
issue ([3ec804490](https://github.com/git/git/commit/3ec804490)).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f4319b6dfc");
  script_set_attribute(attribute:"see_also", value:"https://github.com/git/git/commit/3ec804490");
  script_set_attribute(attribute:"solution", value:
"Update the affected git package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8386");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC25", reference:"git-2.9.4-1.fc25")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}

18 Dec 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 26.5

CVSS 38.8

EPSS0.71499