CVE-2017-12976 — Improper Input Validation in Project Git-annex
Severity
9.8CRITICALNVD
NVD8.8OSV8.8
EPSS
0.2%
top 61.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedAug 20
Latest updateNov 14
Description
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages9 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.04
🔴Vulnerability Details
14📋Vendor Advisories
6Debian▶
CVE-2017-16228: dulwich - Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers t...↗2017
Debian▶
CVE-2017-14176: breezy - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to ex...↗2017
Debian▶
CVE-2017-17459: fossil - http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allow...↗2017
💬Community
4Bugzilla▶
CVE-2017-16228 python-dulwich: Setting SSH arguments from untrusted URLs allows code execution↗2017-11-03
Bugzilla▶
CVE-2017-12976 git-annex: RCE via ssh URL with an initial dash character in the hostname [epel-all]↗2017-08-24
Bugzilla▶
CVE-2017-12976 git-annex: RCE via ssh URL with an initial dash character in the hostname [fedora-all]↗2017-08-24
Bugzilla
▶