EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)

Critical Nessus Plugin ID 124923

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

- In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone
--recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)

- A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious repository or a legitimate repository containing a malicious commit.(CVE-2017-1000117)

- Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name.
The vulnerable code is reachable via git-shell even without CVS support.(CVE-2017-14867)

- It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt.(CVE-2014-9938)

- An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.(CVE-2016-2324)

- A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.(CVE-2015-7545)

- Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character.(CVE-2018-17456)

- An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.(CVE-2016-2315)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected git packages.

See Also

http://www.nessus.org/u?8375b968

Plugin Details

Severity: Critical

ID: 124923

File Name: EulerOS_SA-2019-1420.nasl

Version: 1.5

Type: local

Published: 2019/05/14

Updated: 2019/06/27

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:git, p-cpe:/a:huawei:euleros:perl-Git, cpe:/o:huawei:euleros:uvp:3.0.1.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/05/07

Exploitable With

Metasploit (Malicious Git HTTP Server For CVE-2018-17456)

Reference Information

CVE: CVE-2014-9938, CVE-2015-7545, CVE-2016-2315, CVE-2016-2324, CVE-2017-1000117, CVE-2017-14867, CVE-2018-11235, CVE-2018-17456