
CVE-2017-9800

Published: 11/08/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A maliciously constructed svn+ssh:// URL would cause Subversion clients prior to 1.8.19, 1.9.x prior to 1.9.7, and 1.10.0.x up to and including 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, , and plain (untunneled) svn://.

Vulnerable Product

apache subversion 1.10.0

apache subversion 1.9.4

apache subversion 1.9.6

apache subversion 1.9.3

apache subversion 1.9.1

apache subversion 1.9.5

apache subversion 1.9.0

apache subversion

apache subversion 1.9.2

Vendor Advisories

Debian Bug report logs - #873088: git-annex: remote code execution via crafted SSH URLs (CVE-2017-12976). Package: git-annex; Maintainer for git-annex is Debian Haskell Group <pkg-haskell-maintainers@lists.alioth.debian.org>; Source for git-annex is src:git-annex (PTS, buildd, popcon). Reported by: Antoine Beaupre <anarcat@o ...
Several security issues were fixed in Subversion ...
Several problems were discovered in Subversion, a centralised version control system. CVE-2016-8734 (jessie only): Subversion's mod_dontdothat server module and Subversion clients using http(s):// were vulnerable to a denial-of-service attack caused by exponential XML entity expansion. CVE-2017-9800: Joern Schneeweisz discovered that ...
Command injection through clients via malicious svn+ssh URLs. A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action o ...
A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository contain ...
A security issue has been found in subversion < 1.9.7. A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL argument. A maliciou ...

Recent Articles

Top repo managers clone, then close, a nasty SSH vector
The Register • Richard Chirgwin • 13 Aug 2017

Git, Mercurial, SVN patched; CVS hasn't got around to it yet

Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH. When first announced by Recurity Labs' Joern Schneeweisz, the vulnerability was attributed to Git, Mercurial and Subversion; and over the weekend, Hank Leininger of Korelogic told the OSS-Sec list the issue also affects the ancient CVS (Concurrent Versions System). Schneeweisz writes that he first spotted the issue in Git LFS (Large File Storage) in May, and worked out that an a...