CVE-2017-12976 - OpenCVE

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Git-annex Project	Git-annex

Configuration 1 [-]

cpe:2.3:a:git-annex_project:git-annex:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://source.git-annex.branchable.com/?p=source.git%3Ba=blob%3Bf=doc/bugs/dashed_ssh_hostname_security_hole.mdwn
http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=c24d0f0e8984576654e2be149005bc884fe0403a
http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=df11e54788b254efebb4898b474de11ae8d3b471
http://www.debian.org/security/2017/dsa-4010
https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-20T20:00:00

Updated: 2024-08-05T18:51:07.350Z

Reserved: 2017-08-20T00:00:00

Link: CVE-2017-12976

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-08-20T20:29:00.233

Modified: 2023-11-07T02:38:32.930

Link: CVE-2017-12976

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-06T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1495-1] git-annex security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=c24d0f0e8984576654e2be149005bc884fe0403a"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=df11e54788b254efebb4898b474de11ae8d3b471"}, {"name": "DSA-4010", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-4010"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=blob%3Bf=doc/bugs/dashed_ssh_hostname_security_hole.mdwn"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12976", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1495-1] git-annex security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"}, {"name": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a", "refsource": "CONFIRM", "url": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a"}, {"name": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471", "refsource": "CONFIRM", "url": "http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471"}, {"name": "DSA-4010", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-4010"}, {"name": "http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn", "refsource": "CONFIRM", "url": "http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:51:07.350Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1495-1] git-annex security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=c24d0f0e8984576654e2be149005bc884fe0403a"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=df11e54788b254efebb4898b474de11ae8d3b471"}, {"name": "DSA-4010", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-4010"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=blob%3Bf=doc/bugs/dashed_ssh_hostname_security_hole.mdwn"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12976", "datePublished": "2017-08-20T20:00:00", "dateReserved": "2017-08-20T00:00:00", "dateUpdated": "2024-08-05T18:51:07.350Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:git-annex_project:git-annex:*:*:*:*:*:*:*:*", "matchCriteriaId": "66B00212-3094-4437-80FE-9BAB05A2A060", "versionEndIncluding": "6.20170520", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117."}, {"lang": "es", "value": "git-annex en versiones anteriores a la 6.20170818 permite que atacantes remotos ejecuten comandos arbitrarios mediante una URL ssh con un car\u00e1cter de guion en el nombre de host, tal y como demuestra ssh://-eProxyCommand= URL, un problema relacionado con CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117."}], "id": "CVE-2017-12976", "lastModified": "2023-11-07T02:38:32.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-20T20:29:00.233", "references": [{"source": "cve@mitre.org", "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=blob%3Bf=doc/bugs/dashed_ssh_hostname_security_hole.mdwn"}, {"source": "cve@mitre.org", "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=c24d0f0e8984576654e2be149005bc884fe0403a"}, {"source": "cve@mitre.org", "url": "http://source.git-annex.branchable.com/?p=source.git%3Ba=commit%3Bh=df11e54788b254efebb4898b474de11ae8d3b471"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-4010"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}