FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Mercurial Release Notes :


Mercurial's symlink auditing was incomplete prior to 4.3, and could be
abused to write to files outside the repository.


Mercurial was not sanitizing hostnames passed to ssh, allowing shell
injection attacks on clients by specifying a hostname starting with
-oProxyCommand. This is also present in Git (CVE-2017-1000117) and
Subversion (CVE-2017-9800), so please patch those tools as well if you
have them installed.

See also :

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 102465 ()

Bugtraq ID:

CVE ID: CVE-2017-1000115

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now