CVE-2017-8386 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Access restriction bypass
Description	A security issue has been found in git < 2.12.3, allowing a remote restricted user to execute an interactive pager on the server by causing it to spawn "git upload-pack --help". This is only an issue for servers running the "git-shell" restricted login shell.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-267	git	2.12.2-4	2.13.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
12 May 2017	ASA-201705-14	AVG-267	git	High	access restriction bypass

References
http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5 https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/

References

http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/