what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2017-1000115

Status Candidate

Overview

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

Related Files

Gentoo Linux Security Advisory 201709-18
Posted Sep 25, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-18 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 4.3 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-1000115, CVE-2017-1000116, CVE-2017-9462
SHA-256 | 89aefc9a366cff54114ccf79e3fe3ca7be36701152914d2c0e752658790e251b
SourceTree Remote Code Execution
Posted Sep 7, 2017
Authored by David Black | Site atlassian.com

SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.

tags | advisory, remote, vulnerability, code execution
systems | windows
advisories | CVE-2017-1000115, CVE-2017-1000116, CVE-2017-1000117, CVE-2017-9800
SHA-256 | 1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761
Debian Security Advisory 3963-1
Posted Sep 5, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3963-1 - Several issues were discovered in Mercurial, a distributed revision control system.

tags | advisory
systems | linux, debian
advisories | CVE-2017-1000115, CVE-2017-1000116, CVE-2017-9462
SHA-256 | bd83f96fa1efaaffc2eddb423ae1e6ba6e4a8cbc1d79385bf890c4e6dae763ba
Red Hat Security Advisory 2017-2489-01
Posted Aug 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2489-01 - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2017-1000115, CVE-2017-1000116
SHA-256 | 8738f069f2944ea66cc39edcf21cdadd76160904bb6eb1bd0d4f6efa07edf23c
Slackware Security Advisory - mercurial Updates
Posted Aug 11, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mercurial packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-1000115, CVE-2017-1000116
SHA-256 | e9a3e10f787f19af20556a8626c0eec971c3bc7891353842436625abb0d5e43c
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close