CVE

CVE-2017-1000117

Date: (C)2017-10-06   (M)2018-01-05 


A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

CVSS Score: 6.8
Exploit Score: 8.6
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
BID-100283
SECTRACK-1039131
EXPLOIT-DB-42599
DSA-3934
GLSA-201709-10
RHSA-2017:2484
RHSA-2017:2485
RHSA-2017:2491
RHSA-2017:2674
RHSA-2017:2675
https://support.apple.com/HT208103
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html

CPE    51
cpe:/a:git-scm:git:2.9.0
cpe:/a:git-scm:git:2.9.1
cpe:/a:git-scm:git:2.9.2
cpe:/a:git-scm:git:2.7.5
...
CWE    1
CWE-284
OVAL    10
oval:org.secpod.oval:def:1600763
oval:org.secpod.oval:def:703753
oval:org.secpod.oval:def:603052
oval:org.secpod.oval:def:502122
...

© 2013 SecPod Technologies