Detections
Analytics
Amazon Linux AMI : mercurial (ALAS-2017-893)
critical Nessus Plugin ID 103227
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a 'checkout' or 'update' action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000116)A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository.
(CVE-2017-1000115)
Solution
Run 'yum update mercurial' to update your system.See Also
Plugin Details
Severity: Critical
ID: 103227
File Name: ala_ALAS-2017-893.nasl
Version: 3.5
Type: local
Agent: unix
Published: 9/15/2017
Updated: 5/13/2019
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:mercurial-debuginfo, p-cpe:/a:amazon:linux:emacs-mercurial, p-cpe:/a:amazon:linux:mercurial-common, p-cpe:/a:amazon:linux:mercurial-python27, p-cpe:/a:amazon:linux:mercurial-python26, cpe:/o:amazon:linux, p-cpe:/a:amazon:linux:emacs-mercurial-el
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 9/14/2017
Vulnerability Publication Date: 10/5/2017
Reference Information
CVE: CVE-2017-1000115, CVE-2017-1000116
ALAS: 2017-893