CVE-2017-1000116
Publication date 5 October 2017
Last updated 24 July 2024
Ubuntu priority
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
From the Ubuntu Security Team
It was discovered that Mercurial incorrectly handled hostnames passed to ssh. An attacker could possibly use this issue to execute arbitrary code.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mercurial | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 3.7.3-1ubuntu1.1
|
|
| 14.04 LTS trusty |
Fixed 2.8.2-1ubuntu1.4
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Other references
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
- https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2
- https://www.mercurial-scm.org/repo/hg/rev/e10745311406
- https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8
- https://www.mercurial-scm.org/repo/hg/rev/f9134e96ed0f
- https://www.mercurial-scm.org/repo/hg/rev/92b583e3e522
- https://www.mercurial-scm.org/repo/hg/rev/08cfc4baf3ba
- https://www.mercurial-scm.org/repo/hg/rev/55681baf4cf9
- https://www.mercurial-scm.org/repo/hg/rev/173ecccb9ee7
- https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00
- https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb
- https://www.mercurial-scm.org/repo/hg/rev/943c91326b23
- https://www.cve.org/CVERecord?id=CVE-2017-1000116