Detections
Analytics
Linux Distros Unpatched Vulnerability : CVE-2018-1000021
medium Nessus Plugin ID 221651
Language:
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.- GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).
(CVE-2018-1000021)
Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.See Also
https://access.redhat.com/security/cve/cve-2018-1000021
https://security-tracker.debian.org/tracker/CVE-2018-1000021
Plugin Details
Severity: Medium
ID: 221651
File Name: unpatched_CVE_2018_1000021.nasl
Version: 1.5
Type: local
Agent: unix
Family: Misc.
Published: 3/4/2025
Updated: 9/14/2025
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-1000021
CVSS v3
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:11.0, cpe:/o:redhat:enterprise_linux:6, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:centos:centos:emacs-git-el, p-cpe:/a:centos:centos:git-all, p-cpe:/a:centos:centos:git-daemon, p-cpe:/a:centos:centos:git-email, p-cpe:/a:centos:centos:git-svn, p-cpe:/a:centos:centos:gitk, p-cpe:/a:centos:centos:git-hg, p-cpe:/a:centos:centos:git-p4, p-cpe:/a:redhat:enterprise_linux:emacs-git-el, p-cpe:/a:redhat:enterprise_linux:git-all, p-cpe:/a:redhat:enterprise_linux:git-daemon, p-cpe:/a:redhat:enterprise_linux:git-email, p-cpe:/a:redhat:enterprise_linux:git-hg, p-cpe:/a:redhat:enterprise_linux:git-p4, p-cpe:/a:redhat:enterprise_linux:git-svn, p-cpe:/a:redhat:enterprise_linux:gitk, p-cpe:/a:redhat:enterprise_linux:git-credential-libsecret, p-cpe:/a:centos:centos:git-credential-libsecret, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:centos:centos:emacs-git, p-cpe:/a:centos:centos:git, p-cpe:/a:centos:centos:git-cvs, p-cpe:/a:centos:centos:git-gui, p-cpe:/a:centos:centos:gitweb, p-cpe:/a:centos:centos:perl-git, p-cpe:/a:centos:centos:git-bzr, p-cpe:/a:centos:centos:perl-git-svn, p-cpe:/a:centos:centos:git-gnome-keyring, p-cpe:/a:centos:centos:git-instaweb, p-cpe:/a:debian:debian_linux:git, p-cpe:/a:redhat:enterprise_linux:emacs-git, p-cpe:/a:redhat:enterprise_linux:git, p-cpe:/a:redhat:enterprise_linux:git-bzr, p-cpe:/a:redhat:enterprise_linux:git-cvs, p-cpe:/a:redhat:enterprise_linux:git-gui, p-cpe:/a:redhat:enterprise_linux:gitweb, p-cpe:/a:redhat:enterprise_linux:perl-git, p-cpe:/a:redhat:enterprise_linux:perl-git-svn, p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring, p-cpe:/a:redhat:enterprise_linux:git-instaweb, p-cpe:/a:redhat:enterprise_linux:git-core, p-cpe:/a:redhat:enterprise_linux:git-core-doc, p-cpe:/a:redhat:enterprise_linux:git-subtree, p-cpe:/a:canonical:ubuntu_linux:git, cpe:/o:centos:centos:8, p-cpe:/a:centos:centos:git-core, p-cpe:/a:centos:centos:git-core-doc, p-cpe:/a:centos:centos:git-subtree, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:debian:debian_linux:12.0, cpe:/o:debian:debian_linux:13.0, cpe:/o:debian:debian_linux:14.0
Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 2/9/2018
Reference Information
CVE: CVE-2018-1000021