Git for Windows 2.7.x < 2.7.6 / 2.8.x < 2.8.6 / 2.9.x < 2.9.5 / 2.10.x < 2.10.4 / 2.11.x < 2.11.13 / 2.12.x < 2.12.4 / 2.13.x < 2.13.5 / 2.14.x < 2.14.1 Malicious SSH URL Command Execution

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by a command execution vulnerability.

Description :

The version of Git for Windows installed on the remote host is version
2.7.x prior to 2.7.6, 2.8.x prior to 2.8.6, 2.9.x prior to 2.9.5,
2.10.x prior to 2.10.4, 2.11.x prior to 2.11.13, 2.12.x prior to
2.12.4, 2.13.x prior to 2.13.5, or 2.14.x prior to 2.14.1. It is,
therefore, affected by a command execution vulnerability due to a flaw
in the handling of 'ssh://' URLs that begin with a dash. A maliciously
crafted 'ssh://' URL causes Git clients to run an arbitrary shell
command. Such a URL could be placed in the .gitmodules file of a
malicious project, and an unsuspecting victim could be tricked into
running 'git clone --recurse-submodules' to trigger the vulnerability.

See also :

http://www.nessus.org/u?894dcb77
http://www.nessus.org/u?c0aca1c0
http://www.nessus.org/u?4798389e
http://www.nessus.org/u?a099ed51
http://www.nessus.org/u?4c6ad422
http://www.nessus.org/u?6a506ef2
http://www.nessus.org/u?0d9668c9
http://www.nessus.org/u?d38639e5
http://www.nessus.org/u?aea2c8f6
http://www.nessus.org/u?aafcb0d4

Solution :

Upgrade to Git for Windows 2.7.6 / 2.8.6 / 2.9.5 / 2.10.4 / 2.11.13 / 2.12.4 / 2.13.5 / 2.14.1 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 102494 ()

Bugtraq ID:

CVE ID: CVE-2017-1000117

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now