#VU6933 Privilege escalation in Git - CVE-2017-8386

Cybersecurity Help s.r.o.

Published: 2017-06-06 | Updated: 2017-06-07

Vulnerability identifier: #VU6933

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-8386

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Git
Client/Desktop applications / Software for system administration

Vendor: Git

Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists due to an error when handling command-line options for the restricted set of git-shell commands. A remote attacker can use a repository name that starts with a - (dash) character to bypass git-shell restrictions and gain elevated privileges.

Successful exploitation of the vulnerability results in access to the system and information disclosure.

Mitigation
Update to version 2.13.0.

Vulnerable software versions

Git: 2.4 - 2.4.12, 2.5 - 2.5.6, 2.6 - 2.6.7, 2.7 - 2.7.5, 2.8 - 2.8.5, 2.9 - 2.9.4, 2.10 - 2.12.3

External links
https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in git (Alpine package)

Amazon Linux AMI update for git

Privilege escalation in Git

Ubuntu update for Git

Arch Linux update for git

Debian update for git