CVE-2017-1000117

Scores

EPSS

Score: 0.764 (medium)

Percentile: 76.4%

CVSS

Score: 6.3 (medium), CVSS 3.x

CVSS Score: 6.3/10

All CVSS Scores

CVSS 3.x
6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.


Sources

debian, nvd, redhat, ubuntu

CWEs

CWE-20, CWE-601

Exploits

Exploit ID: 42599

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42599

Exploit ID: CVE-2017-1000117

Source: github-poc

URL: https://github.com/Jerry-zhuang/CVE-2017-1000117

Recommendations

Source: nvd

All Git users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.13.5"

URL: https://security.gentoo.org/glsa/201709-10

Vulnerable Software (41)

Type: Configuration

Product: emacs-git

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: fh-system-dump-tool

Operating System: rhel

Trait:
{  "fixed": "1.0.0-5.el7"}

Source: redhat

Type: Configuration

Product: fping

Operating System: rhel

Trait:
{  "fixed": "3.10-4.el7map"}

Source: redhat

Type: Configuration

Product: git

Operating System: rhel 6

Trait:
{  "fixed": "1.7.1-9.el6_9"}

Source: redhat

Type: Configuration

Product: git

Operating System: rhel 7

Trait:
{  "fixed": "1.8.3.1-12.el7_4"}

Source: redhat

Type: Configuration

Product: git

Operating System: debian

Trait:
{  "fixed": "1:2.14.1-1"}

Source: debian

Type: Configuration

Product: git

Operating System: ubuntu trusty 14.04

Trait:
{  "fixed": "1:1.9.1-1ubuntu0.6"}

Source: ubuntu

Type: Configuration

Product: git

Operating System: ubuntu xenial 16.04

Trait:
{  "fixed": "1:2.7.4-0ubuntu1.2"}

Source: ubuntu

Type: Configuration

Product: git

Operating System: ubuntu zesty 17.04

Trait:
{  "fixed": "1:2.11.0-2ubuntu0.2"}

Source: ubuntu

Type: Configuration

Product: git

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-arch

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-contrib

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-core

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-cvs

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-doc

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-email

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-gui

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-server

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: git-svn

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat

Type: Configuration

Product: gitk

Operating System: altlinux

Trait:
{  "fixed": "0:2.10.4-alt1"}

Source: redhat