CVE-2017-8386 – git: Escape out of git-shell

https://notcve.org/view.php?id=CVE-2017-8386

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. git-shell en git en versiones anteriores a la 2.4.12, versiones 2.5.x anteriores a la 2.5.6, versiones 2.6.x anteriores a la 2.6.7, versiones 2.7.x anteriores a la 2.7.5, versiones 2.8.x anteriores a la 2.8.5, versiones 2.9.x anteriores a la 2.9.4, versiones 2.10.x anteriores a la 2.10.3, versiones 2.11.x anteriores a la 2.11.2 y versiones 2.12.x anteriores a la 2.12.3 podría permitir que usuarios remotos autenticados obtengan privilegios mediante un nombre de repositorio que comienza con un carácter - (guion). A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. • http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com http://www.debian.org/security/2017/dsa-3848 http://www.securityfocus.com/bid/98409 http://www.securitytracker.com/id/1038479 http://www.ubuntu.com/usn/USN-3287-1 https://access.redhat.com/errata/RHSA-2017:2004 https://access.redhat.com/errata/RHSA-2017:2491 https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8 •