UBUNTU-CVE-2017-8386
- Source
- https://ubuntu.com/security/CVE-2017-8386
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-8386.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-8386
- Related
- Published
- 2017-05-10T00:00:00Z
- Modified
- 2025-01-13T10:21:23Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
- References
-
- https://ubuntu.com/security/CVE-2017-8386
- http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
- http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html
- https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
- https://ubuntu.com/security/notices/USN-3287-1
- https://www.cve.org/CVERecord?id=CVE-2017-8386
Affected packages
Ubuntu:14.04:LTS / git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:1.9.1-1ubuntu0.5?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:1.9.1-1ubuntu0.5
Affected versions
1:1.*
1:1.8.3.2-1
1:1.8.4.2-1
1:1.8.4.3-1
1:1.8.4.4-1
1:1.8.5-1
1:1.8.5.1-1
1:1.8.5.2-1
1:1.8.5.2-2
1:1.8.5.3-1
1:1.9~rc1-1
1:1.9.0-1
1:1.9.1-1
1:1.9.1-1ubuntu0.1
1:1.9.1-1ubuntu0.2
1:1.9.1-1ubuntu0.3
1:1.9.1-1ubuntu0.4
Ecosystem specific
{
"ubuntu_priority": "medium",
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-all",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-arch",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-bzr",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-core",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-cvs",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-doc",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-el",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-email",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-gui",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-man",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "git-svn",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "gitk",
"binary_version": "1:1.9.1-1ubuntu0.5"
},
{
"binary_name": "gitweb",
"binary_version": "1:1.9.1-1ubuntu0.5"
}
]
}
Ubuntu:16.04:LTS / git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.7.4-0ubuntu1.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.7.4-0ubuntu1.1
Affected versions
1:2.*
1:2.5.0-1
1:2.6.2-1
1:2.6.3-1
1:2.6.4-1
1:2.7.0~rc3-1
1:2.7.0-1
1:2.7.3-0ubuntu1
1:2.7.4-0ubuntu1
Ecosystem specific
{
"ubuntu_priority": "medium",
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-all",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-arch",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-core",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-doc",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-el",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-email",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-man",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "gitk",
"binary_version": "1:2.7.4-0ubuntu1.1"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.7.4-0ubuntu1.1"
}
]
}