CVE-2017-1000117
Publication date 10 August 2017
Last updated 24 July 2024
Ubuntu priority
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
From the Ubuntu Security Team
Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in 'ssh://' URLs. A remote attacker could use this to construct a git repository that when accessed could run arbitrary code with the privileges of the user.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| git | ||
| 16.04 LTS xenial |
Fixed 1:2.7.4-0ubuntu1.2
|
|
| 14.04 LTS trusty |
Fixed 1:1.9.1-1ubuntu0.6
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3387-1
- Git vulnerability
- 11 August 2017