CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Affected products
n/a · n/a
Public PoCs found: 24
github: github.com/greymd/CVE-2017-1000117 ★ 136
github: github.com/Manouchehri/CVE-2017-1000117 ★ 16
github: github.com/timwr/CVE-2017-1000117 ★ 7
github: github.com/ieee0824/CVE-2017-1000117 ★ 4
github: github.com/VulApps/CVE-2017-1000117 ★ 3
github: github.com/AnonymKing/CVE-2017-1000117 ★ 3
github: github.com/nkoneko/CVE-2017-1000117 ★ 2
github: github.com/sasairc/CVE-2017-1000117_wasawasa ★ 1
github: github.com/leezp/CVE-2017-1000117 ★ 1
github: github.com/chenzhuo0618/test ★ 0
github: github.com/siling2017/CVE-2017-1000117 ★ 0
github: github.com/chu1337/CVE-2017-1000117 ★ 0
github: github.com/cved-sources/cve-2017-1000117 ★ 0
github: github.com/rootclay/CVE-2017-1000117 ★ 0
github: github.com/thelastbyte/CVE-2017-1000117 ★ 0
github: github.com/alilangtest/CVE-2017-1000117 ★ 0
github: github.com/shogo82148/Fix-CVE-2017-1000117 ★ 0
github: github.com/Shadow5523/CVE-2017-1000117-test ★ 0
github: github.com/Jerry-zhuang/CVE-2017-1000117 ★ 0
github: github.com/ieee0824/CVE-2017-1000117-sl ★ 0
github: github.com/takehaya/CVE-2017-1000117 ★ 0
github: github.com/ikmski/CVE-2017-1000117 ★ 0
exploitdb: www.exploit-db.com/exploits/42599 (unverified)
cve_reference: www.exploit-db.com/exploits/42599/ (unverified)
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://access.redhat.com/errata/RHSA-2017:2484
https://access.redhat.com/errata/RHSA-2017:2485
https://access.redhat.com/errata/RHSA-2017:2491
https://access.redhat.com/errata/RHSA-2017:2674
https://access.redhat.com/errata/RHSA-2017:2675
https://security.gentoo.org/glsa/201709-10
https://support.apple.com/HT208103
https://www.exploit-db.com/exploits/42599/
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html
http://www.debian.org/security/2017/dsa-3934
http://www.securityfocus.com/bid/100283
http://www.securitytracker.com/id/1039131