| Severity |
|
| Remote |
|
| Type |
| + |
Access restriction bypass |
|
| Description |
| + |
A security issue has been found in git < 2.12.3, allowing a remote restricted user to execute an interactive pager on the server by causing it to spawn "git upload-pack --help". This is only an issue for servers running the "git-shell" restricted login shell. |
|
| References |
| + |
http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html |
| + |
https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5 |
| + |
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/ |
|
| Notes |
|