CVE-2017-1000116

Published: 05/10/2017 Updated: 03/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Mercurial before 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

Vulnerable Product

mercurial mercurial

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.6

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.4

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.4

Vendor Advisories

Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 (fixed in stretch only): Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115: Mercurial's symlink auditing was incomplete, ...
Debian Bug report logs - #861243 mercurial: CVE-2017-9462: allows remote users unauthorized access to a hg serve --stdio instance. Package: mercurial; Maintainer for mercurial is Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>; Source for mercurial is src:mercurial (PTS, buildd, popcon). Reported ...
Debian Bug report logs - #871709 mercurial: CVE-2017-1000115: path traversal via symlink. Package: src:mercurial; Maintainer for src:mercurial is Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Thu, 10 Aug 2017 20:00:01 UTC. Seve ...
Debian Bug report logs - #871710 mercurial: CVE-2017-1000116: command injection on clients through malicious ssh URLs. Package: src:mercurial; Maintainer for src:mercurial is Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Thu, 1 ...
Debian Bug report logs - #873088 git-annex: remote code execution via crafted SSH URLs (CVE-2017-12976). Package: git-annex; Maintainer for git-annex is Debian Haskell Group <pkg-haskell-maintainers@lists.alioth.debian.org>; Source for git-annex is src:git-annex (PTS, buildd, popcon). Reported by: Antoine Beaupre <anarcat@o ...
A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository ...
Mercurial < 4.3 was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with -oProxyCommand. This is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so please patch those tools as well if you have them installed ...

Recent Articles

Top repo managers clone, then close, a nasty SSH vector
The Register • Richard Chirgwin • 13 Aug 2017

Git, Mercurial, SVN patched; CVS hasn't got around to it yet

Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH. When first announced by Recurity Labs' Joern Schneeweisz, the vulnerability was attributed to Git, Mercurial and Subversion; and over the weekend, Hank Leininger of Korelogic told the OSS-Sec list the issue also affects the ancient CVS (Concurrent Versions System). Schneeweisz writes that he first spotted the issue in Git LFS (Large File Storage) in May, and worked out that an a...