CVE-2017-14867

high

Description

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

References

http://www.openwall.com/lists/oss-security/2017/09/26/9

http://www.securityfocus.com/bid/101060

http://www.securitytracker.com/id/1039431

https://bugs.debian.org/876854

https://lists.debian.org/debian-security-announce/2017/msg00246.html

https://public-inbox.org/git/[email protected]/T/#u

https://www.debian.org/security/2017/dsa-3984

Details

Source: MITRE

Published: 2017-09-29

Updated: 2021-01-26

Type: CWE-78

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135580 | SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1) | Nessus | SuSE Local Security Checks | high |
| 130862 | EulerOS 2.0 SP5 : git (EulerOS-SA-2019-2153) | Nessus | Huawei Local Security Checks | high |
| 124923 | EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420) | Nessus | Huawei Local Security Checks | critical |
| 111887 | Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 104291 | EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1266) | Nessus | Huawei Local Security Checks | high |
| 104290 | EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1265) | Nessus | Huawei Local Security Checks | high |
| 104077 | openSUSE Security Update : git (openSUSE-2017-1167) | Nessus | SuSE Local Security Checks | high |
| 103918 | SUSE SLES12 Security Update : git (SUSE-SU-2017:2747-1) | Nessus | SuSE Local Security Checks | high |
| 103691 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : git vulnerability (USN-3438-1) | Nessus | Ubuntu Local Security Checks | high |
| 103622 | openSUSE Security Update : git (openSUSE-2017-1115) | Nessus | SuSE Local Security Checks | high |
| 103607 | Debian DLA-1120-1 : git security update | Nessus | Debian Local Security Checks | high |
| 103473 | Debian DSA-3984-1 : git - security update | Nessus | Debian Local Security Checks | high |