Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2835-1.NASL
HistoryDec 16, 2015 - 12:00 a.m.

Ubuntu 14.04 LTS : Git vulnerability (USN-2835-1)

2015-12-1600:00:00
Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2835-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87407);
  script_version("2.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2015-7545");
  script_xref(name:"USN", value:"2835-1");

  script_name(english:"Ubuntu 14.04 LTS : Git vulnerability (USN-2835-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Blake Burkhart discovered that the Git git-remote-ext helper
incorrectly handled recursive clones of git repositories. A remote
attacker could possibly use this issue to execute arbitrary code by
injecting commands via crafted URLs.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2835-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7545");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-arch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-bzr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-daemon-run");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-daemon-sysvinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-mediawiki");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gitweb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'git', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-all', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-arch', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-bzr', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-core', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-cvs', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-daemon-run', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-daemon-sysvinit', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-el', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-email', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-gui', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-man', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-mediawiki', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'git-svn', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'gitk', 'pkgver': '1:1.9.1-1ubuntu0.2'},
    {'osver': '14.04', 'pkgname': 'gitweb', 'pkgver': '1:1.9.1-1ubuntu0.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-arch / git-bzr / git-core / git-cvs / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxgit-mediawikip-cpe:/a:canonical:ubuntu_linux:git-mediawiki
canonicalubuntu_linuxgit-svnp-cpe:/a:canonical:ubuntu_linux:git-svn
canonicalubuntu_linuxgitkp-cpe:/a:canonical:ubuntu_linux:gitk
canonicalubuntu_linuxgitwebp-cpe:/a:canonical:ubuntu_linux:gitweb
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linuxgitp-cpe:/a:canonical:ubuntu_linux:git
canonicalubuntu_linuxgit-allp-cpe:/a:canonical:ubuntu_linux:git-all
canonicalubuntu_linuxgit-archp-cpe:/a:canonical:ubuntu_linux:git-arch
canonicalubuntu_linuxgit-bzrp-cpe:/a:canonical:ubuntu_linux:git-bzr
canonicalubuntu_linuxgit-corep-cpe:/a:canonical:ubuntu_linux:git-core
Rows per page:
1-10 of 171

Related

cvelist 1
openvas 12
nessus 11
prion 1
debian 2
veracode 1
oraclelinux 2
centos 1
ibm 1
freebsd 1
redhat 2
debiancve 1
cve 1
ubuntucve 1
amazon 1
ubuntu 1
mageia 1
hackerone 1
archlinux 2
slackware 1
gentoo 1
rosalinux 1
cvelist
cvelist
CVE-2015-7545
2016-04-13 15:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2835-1)
2015-12-16 00:00:00
RedHat Update for git RHSA-2015:2561-01
2015-12-09 00:00:00
Oracle: Security Advisory (ELSA-2015-2561)
2015-12-09 00:00:00
nessus
nessus
Debian DSA-3435-1 : git - security update
2016-01-06 00:00:00
SUSE SLES12 Security Update : Recommended update for git (SUSE-SU-2015:2325-1)
2015-12-22 00:00:00
Oracle Linux 6 / 7 : git19-git (ELSA-2015-2515)
2023-09-07 00:00:00
prion
prion
Design/Logic Flaw
2016-04-13 15:59:00
debian
debian
[SECURITY] [DSA 3435-1] git security update
2016-01-05 21:04:25
[SECURITY] [DSA 3435-1] git security update
2016-01-05 21:04:42
veracode
veracode
Arbitrary Shell Command Execution
2019-01-15 09:08:47
oraclelinux
oraclelinux
git security update
2015-12-08 00:00:00
git19-git security update
2016-02-04 00:00:00
centos
centos
emacs, git, gitk, gitweb, perl security update
2015-12-09 19:18:57
ibm
ibm
Security Bulletin: A vulnerability in git affects PowerKVM (CVE-2015-7545)
2018-06-18 01:30:44
freebsd
freebsd
Git -- Execute arbitrary code
2015-09-23 00:00:00
redhat
redhat
(RHSA-2015:2561) Moderate: git security update
2015-12-08 10:11:45
(RHSA-2015:2515) Moderate: git19-git security update
2015-11-25 00:00:00
debiancve
debiancve
CVE-2015-7545
2016-04-13 15:59:01
cve
cve
CVE-2015-7545
2016-04-13 15:59:01
ubuntucve
ubuntucve
CVE-2015-7545
2015-12-09 00:00:00
amazon
amazon
Medium: git
2015-12-14 10:00:00
ubuntu
ubuntu
Git vulnerability
2015-12-15 00:00:00
mageia
mageia
Updated mercurial packages fix security vulnerability
2016-05-12 23:00:19
hackerone
hackerone
Square Open Source: git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules
2015-12-10 06:51:26
archlinux
archlinux
mercurial: arbitrary code execution
2016-05-06 00:00:00
mercurial: arbitrary code execution
2016-04-06 00:00:00
slackware
slackware
[slackware-security] mercurial
2016-05-02 20:39:44
gentoo
gentoo
Git: Multiple vulnerabilities
2016-05-02 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1843
2021-07-02 16:45:45
JSON
Related for UBUNTU_USN-2835-1.NASL
cvelist1openvas12nessus11prion1debian2veracode1oraclelinux2centos1ibm1freebsd1redhat2debiancve1cve1ubuntucve1amazon1ubuntu1mageia1hackerone1archlinux2slackware1gentoo1rosalinux1