Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.891144
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for git-annex (DLA-1144-1)
Summary:git-annex before 6.20170818 allows remote attackers to execute arbitrary;commands via an ssh URL with an initial dash character in the hostname,;as demonstrated by an ssh://-eProxyCommand= URL, a related issue to;CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
Description:Summary:
git-annex before 6.20170818 allows remote attackers to execute arbitrary
commands via an ssh URL with an initial dash character in the hostname,
as demonstrated by an ssh://-eProxyCommand= URL, a related issue to
CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.

Affected Software/OS:
git-annex on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
3.20120629+deb7u1.

We recommend that you upgrade your git-annex packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-9800
BugTraq ID: 100259
http://www.securityfocus.com/bid/100259
Bugtraq: 20170810 [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released (Google Search)
http://www.securityfocus.com/archive/1/540999/100/0/threaded
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html
https://subversion.apache.org/security/CVE-2017-9800-advisory.txt
https://support.apple.com/HT208103
Debian Security Information: DSA-3932 (Google Search)
http://www.debian.org/security/2017/dsa-3932
https://security.gentoo.org/glsa/201709-09
http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.apache.org/thread.html/cb607dc2f13bab9769147759ddccb14a4f9d8e5cdcad5e99c0d03b63@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/d8cf53affd700dfce90bad4968fb8b1dfb69cf7c443052c70398ff76@%3Ccommits.subversion.apache.org%3E
RedHat Security Advisories: RHSA-2017:2480
https://access.redhat.com/errata/RHSA-2017:2480
http://www.securitytracker.com/id/1039127
CopyrightCopyright (C) 2018 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.