Published: 05/10/2017 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 774

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
git-scm git 2.8.0
git-scm git 2.8.1
git-scm git 2.8.2
git-scm git 2.8.3
git-scm git 2.8.4
git-scm git 2.8.5
git-scm git 2.9.0
git-scm git 2.9.1
git-scm git 2.9.2
git-scm git 2.9.3
git-scm git 2.9.4
git-scm git 2.10.0
git-scm git 2.10.1
git-scm git 2.10.2
git-scm git 2.10.3
git-scm git 2.11.0
git-scm git 2.11.1
git-scm git 2.11.2
git-scm git 2.12.0
git-scm git 2.12.1
git-scm git 2.12.2
git-scm git 2.12.3
git-scm git 2.13.0
git-scm git 2.13.1
git-scm git 2.13.2
git-scm git 2.13.3
git-scm git 2.13.4
git-scm git 2.14.0
git-scm git

Synopsis Important: Red Hat Mobile Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Mobile Application Platform 45Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scor ...

Debian Bug report logs - #873088 git-annex: remote code execution via crafted SSH URLs (CVE-2017-12976) Package: git-annex; Maintainer for git-annex is Debian Haskell Group <pkg-haskell-maintainers@listsaliothdebianorg>; Source for git-annex is src:git-annex (PTS, buildd, popcon) Reported by: Antoine Beaupre <anarcat@o ...

Git could be made run programs as your login if it opened a specially crafted git repository ...

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs This allowed an attacker to run an arbitrary shell command, for instance via git submodules For the oldstable distribution (jessie), this problem has been fixed in version 1:214-21+deb8u4 For the stable di ...

Command injection via malicious ssh URLs:A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository ...

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit ...

A security issue has been found in git < 2141 A malicious third-party can give a crafted "ssh://" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed Such a URL could be placed in the gitmodules file of a malicious project, and an unsuspecting victim ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer def initialize(info = {}) super( update_info( info, 'Name' =&gt ...

This Metasploit module exploits CVE-2017-1000117, which affects Git versions 275 and lower A submodule of the form 'ssh://' can be passed parameters from the username incorrectly This can be used to inject commands to the operating system when the submodule is cloned This Metasploit module creates a fake git repository which contains a submodu ...

This module exploits CVE-2017-1000117, which affects Git version 275 and lower A submodule of the form 'ssh://' can be passed parameters from the username incorrectly This can be used to inject commands to the operating system when the submodule is cloned This module creates a fake git repository which ...

This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised.

msf > use exploit/multi/http/git_submodule_command_exec
msf exploit(git_submodule_command_exec) > show targets
    ...targets...
msf exploit(git_submodule_command_exec) > set TARGET < target-id >
msf exploit(git_submodule_command_exec) > show options
    ...show and set options...
msf exploit(git_submodule_command_exec) > exploit

msf > use exploit/multi/http/git_submodule_command_exec
msf exploit(git_submodule_command_exec) > show targets
    ...targets...
msf exploit(git_submodule_command_exec) > set TARGET < target-id >
msf exploit(git_submodule_command_exec) > show options
    ...show and set options...
msf exploit(git_submodule_command_exec) > exploit

CVE-2017-1000117

CVE-2017-1000117 CVE-2017-1000117

CVE-2017-1000117 恶意人员可以通过巧妙构造 “ssh://…” 链接，让受害人在执行程序等情况下访问该恶意链接，从而达到命令执行的目的。该链接可以被放在 git项目的gitmodules文件下，这样当受害人对一个项目进行git clone –recurse-submodules/git clone --recursive 操作时，就会引发安全�

CVE-2017-1000117 PoC Repository for VulApps Fork from joernchen/CVE-2017-1000117 git clone --recursive githubcom/VulApps/CVE-2017-1000117git will write the output of id to a file vul in /var/www/html See More at VulApps

Check Git's vulnerability CVE-2017-1000117

Test repository to check Git's vulnerability CVE-2017-1000117 How it works? Clone this repository recursively The sentence 「うんこもりもり」(which means like "Lots of shit") will be shown on your terminal $ git clone --recursive githubcom/greymd/CVE-2017-1000117git Cloning into 'CVE-2017-1000117' remote: Counting objects: 5, do

Build a local copy of Security Tracker. Notify via E-mail/Slack if there is an update.

gost (go-security-tracker) gost builds a local copy of Security Tracker(Redhat/Debian/Ubuntu/Microsoft) After you register CVEs to watch list, gost notify via E-mail/Slack if there is an update The pronunciation of gost is the same as the English word "ghost"

Experiment of CVE-2017-1000117

CVE-2017-1000117-sl Experiment of CVE-2017-1000117 usage $ git clone --recursive githubcom/ieee0824/CVE-2017-1000117-slgit

GitのCommand Injectionの脆弱性を利用してスクリプトを落として実行する例

CVE-2017-1000117 でサーバーを立ち上げるやつ次のコマンドを叩いてから、Webブラウザーを立ち上げて localhost:8088 にアクセスしてみよう！ $ git clone --recursive githubcom/0gawa/CVE-2017-1000117 Hello World と表示されたなら、gitをアップデートしよう！脆弱だ�

git-client-rce This PoC is only for educational purpose!!! Test GIT Repo for git-client-rce PoC ( CVE-2017-1000117 ) marcinfo/?l=git&m=150238802328673&w=2 This CVE affects all the git clients < v2141 Execute following on test system to see PoC : $git clone --recursive githubcom/thelastbyte/CVE-2017-1000117git Successful execution will

Test repository to check Git's vulnerability CVE-2017-1000117, and try to upgrade git version $ git clone --recursive githubcom/shogo82148/Fix-CVE-2017-1000117git The repository is inspired by githubcom/greymd/CVE-2017-1000117 To make sure that your git is safe, please clone it with --recursive option

git clone --recurse-submodules githubcom/Q2h1Cg/CVE-2017-1000117

CVE-2017-1000117 - PoCs git clone --recurse-submodules "githubcom/Manouchehri/CVE-2017-1000117git" cat /tmp/pwnedtxt Go go get "githubcom/Manouchehri/CVE-2017-1000117" cat /tmp/pwnedtxt

CVE-2017-1000117漏洞复现（PoC+Exp）

CVE-2017-1000117 项目简介网络安全课程设计选题之一 CVE-2017-1000117 漏洞的复现（PoC+Exp） Git + SSH 漏洞简介：漏洞名称： Git命令注入漏洞 CNNVD编号：CNNVD-201708-670 危害等级：中危 CVE编号：CVE-2017-1000117 漏洞类型：命令注入发布时间：2017-08-16 威胁类型：远程更新时间：2017-10-17 厂商：git-scm

CVE-2018-17456漏洞复现（PoC+Exp）

CVE-2018-17456 漏洞简介漏洞名称： Git输入验证错误漏洞 CNNVD编号：CNNVD-201810-234 危害等级：超危 CVE编号：CVE-2018-17456 漏洞类型：输入验证错误发布时间：2018-10-08 威胁类型：远程更新时间：2019-04-25 厂商：debian 漏洞来源：Atlassian,TerryZh 漏洞简介：Git是一套免费、开源的分布式版本控制�

CVE-2017-1000117 How it works? $ git clone --recursive git@githubcom:ikmski/CVE-2017-1000117git How to create this repository $ cat messagetxt | gzip | base64 > command $ git submodule add git@githubcom:ikmski/Hello-Worldgit subs/CVE-2017-1000117 $ cat << EOS > gitmodules [submodule "subs/CVE-2017

Proof of concept of CVE-2017-1000117

CVE-2017-1000117 This module can be used to test whether you are vulnerable to CVE-2017-1000117 git clone githubcom/timwr/CVE-2017-1000117git --recurse-submodules ls CVE-2017-1000117 Output if you are vulnerable: $ git clone githubcom/timwr/CVE-2017-1000117git --recurse-submodules Cloning into 'CVE-2017-1000117�

Build a local copy of Security Tracker. Notify via E-mail/Slack if there is an update.

This is custom NiFi processor, that extracts information from wwwcvedetailscom/cve/{CVE_ID} pages, where {CVE_ID} represents specific CVE eg wwwcvedetailscom/cve/CVE-2017-1000117/ Extraction is done through library JSOUP, and output is generated with library JSON This processor, takes html flowfile that is previously in nifi flow fetched, and extracts data

Test repository to check Git's vulnerability CVE-2017-1000117 How it works? Clone this repository recursively $ git clone --recursive githubcom/sasairc/CVE-2017-1000117_wasawasagit Original greymd/CVE-2017-1000117

Yoichi Nakayama About me Twitter GitHub Blog Qiita Zenn SpeakerDeck Articles 2024 20240213 Blog:meishi2でキーボード自作に入門した 20240210 Zenn:makeでdry runする 20240210 Blog:通り道に物を置く 20240210 Zenn:git subtreeの仕組み 20240117 特殊な例の前にまずは素直な例を 20240115 Blog:「フィードバックの誤謬」を�

CVE-2017-1000117の検証

動作説明これはCVE-2017-1000117の脆弱性で動作するものです。このレポジトリをroot権限でgitコマンドに--recurseオプションをつけてクローンをすると、勝手に12345ポートでリッスンするhttpサーバが動きます。 httpサーバの動作を停止するにはプロセス番号を調べてkillしてください。動�

GitのCommand Injectionの脆弱性を利用してスクリプトを落として実行する例

CVE-2017-1000117 usage $ git clone --recursive githubcom/ieee0824/CVE-2017-1000117git when git has problem, ifconfig is executed

CVE-2017-1000117 PoC Repository for VulApps Fork from joernchen/CVE-2017-1000117 git clone --recursive githubcom/Jerry-zhuang/CVE-2017-1000117git will write the output of id to a file vul in /var/www/html See More at VulApps

CVE-2017-1000117

cve-2017-1000117

CVE-2017-1000117 This is part of Cved: a tool to manage vulnerable docker containers Cved: githubcom/git-rep-src/cved Image source: githubcom/cved-sources/cve-2017-1000117 Image author: githubcom/cved-sources/cve-2017-1000117

Top repo managers clone, then close, a nasty SSH vector

The Register • Richard Chirgwin • 13 Aug 2017

Git, Mercurial, SVN patched; CVS hasn't got around to it yet

Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH. When first announced by Recurity Labs' Joern Schneeweisz, the vulnerability was attributed to Git, Mercurial and Subversion; and over the weekend, Hank Leininger of Korelogic told the OSS-Sec list the issue also affects the ancient CVS (Concurrent Versions System). Schneeweisz writes that he first spotted the issue in Git LFS (Large File Storage) in May, and worked out that an a...

CVE-2017-1000117

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Metasploit Modules

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect