Vulnerability CVE-2017-9462

Vulnerability Name:

CVE-2017-9462 (CCN-126917)

Assigned:

2017-04-18

Published:

2017-04-18

Updated:

2020-02-05

Summary:

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
5.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-732
CWE-284

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2017-9462

Source: DEBIAN
Type: Third Party Advisory
DSA-3963

Source: BID
Type: Third Party Advisory, VDB Entry
99123

Source: CCN
Type: BID-99123
Mercurial CVE-2017-9462 Remote Code Execution Vulnerability

Source: REDHAT
Type: Third Party Advisory
RHSA-2017:1576

Source: CONFIRM
Type: Issue Tracking, Mailing List, Patch, Third Party Advisory
https://bugs.debian.org/861243

Source: CCN
Type: Debian Bug report logs - #861243
mercurial: CVE-2017-9462: allows remote users unauthorized access to a hg serve --stdio instance

Source: XF
Type: UNKNOWN
mercurial-cve20179462-code-exec(126917)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update

Source: GENTOO
Type: Third Party Advisory
GLSA-201709-18

Source: CCN
Type: Mercurial Web site
changeset 32050:77eaf9539499

Source: CONFIRM
Type: Mailing List, Vendor Advisory
https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29

Vulnerable Configuration:

Configuration 1:

cpe:/a:mercurial:mercurial:*:*:*:*:*:*:*:* (Version < 4.1.3)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mercurial:mercurial:4.1.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20179462	V	CVE-2017-9462	2022-09-02
oval:org.opensuse.security:def:10428	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:10440	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:10441	P	Security update for busybox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:10196	P	Security update for net-snmp (Important)	2021-12-27
oval:org.opensuse.security:def:10432	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:10377	P	Security update for xen (Moderate)	2021-12-09
oval:org.opensuse.security:def:10352	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:10160	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:10150	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:10147	P	Security update for xerces-c (Important)	2021-09-02
oval:org.opensuse.security:def:10138	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:10128	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:10689	P	Security update for bluez (Moderate)	2021-07-22
oval:org.opensuse.security:def:10120	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:11101	P	Security update for fossil (Moderate)	2021-07-17
oval:org.opensuse.security:def:10277	P	Security update for spice-gtk (Moderate)	2021-06-10
oval:org.opensuse.security:def:17157	P	colord-1.3.3-12.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17199	P	libqt4-sql-mysql-32bit-4.8.6-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16333	P	mercurial-2.8.2-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11391	P	libproxy1-0.4.11-11.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124621	P	mercurial-2.8.2-15.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16615	P	mercurial-2.8.2-15.13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17284	P	libwebkit2gtk3-lang-2.20.3-2.23.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11413	P	libvte9-0.28.2-17.83 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17165	P	gd-32bit-2.1.0-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10096	P	Security update for gstreamer-plugins-bad (Important)	2021-06-08
oval:org.opensuse.security:def:10258	P	Security update for the Linux Kernel (Important)	2021-05-18
oval:org.opensuse.security:def:10071	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:10243	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:9869	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:10419	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:9847	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:9839	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:10664	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:10589	P	Security update for gimp (Important)	2020-12-28
oval:org.opensuse.security:def:4091	P	mercurial-2.8.2-15.13.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17372	P	libvpx1-32bit-1.3.0-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16927	P	mercurial-2.8.2-15.13.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17341	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26892	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27393	P	empathy on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10820	P	mercurial on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10570	P	mercurial on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17641	P	Security update for postgresql93 (Moderate)	2020-12-01
oval:org.opensuse.security:def:9962	P	perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27534	P	perl-Tk-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17518	P	Security update for MozillaFirefox and mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:27158	P	kdelibs3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10508	P	libipa_hbac-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17607	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:26817	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28230	P	Security update for libtirpc (Moderate)	2020-12-01
oval:org.opensuse.security:def:10740	P	libgssglue-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27020	P	python-pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27446	P	libgadu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18279	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:9977	P	python-pywbem on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27548	P	python-setuptools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17550	P	Security update for libksba (Moderate)	2020-12-01
oval:org.opensuse.security:def:26828	P	system-config-printer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27242	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10798	P	libtasn1-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10555	P	libtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17619	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:9915	P	libsmi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17408	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:28265	P	Security update for mercurial (Important)	2020-12-01
oval:org.opensuse.security:def:10753	P	libksba-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27101	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10462	P	libHX-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27495	P	libtunepimp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18305	P	Security update for mercurial (Important)	2020-12-01
oval:org.opensuse.security:def:26816	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9996	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:11079	P	libtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27592	P	yast2-devel-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10731	P	libexpat-devel on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20171576	P	RHSA-2017:1576: mercurial security update (Important)	2017-06-27
oval:com.ubuntu.cosmic:def:201794620000000	V	CVE-2017-9462 on Ubuntu 18.10 (cosmic) - medium.	2017-06-06
oval:com.ubuntu.trusty:def:20179462000	V	CVE-2017-9462 on Ubuntu 14.04 LTS (trusty) - medium.	2017-06-06
oval:com.ubuntu.bionic:def:201794620000000	V	CVE-2017-9462 on Ubuntu 18.04 LTS (bionic) - medium.	2017-06-06
oval:com.ubuntu.artful:def:20179462000	V	CVE-2017-9462 on Ubuntu 17.10 (artful) - medium.	2017-06-06
oval:com.ubuntu.xenial:def:20179462000	V	CVE-2017-9462 on Ubuntu 16.04 LTS (xenial) - medium.	2017-06-06
oval:com.ubuntu.xenial:def:201794620000000	V	CVE-2017-9462 on Ubuntu 16.04 LTS (xenial) - medium.	2017-06-06
oval:com.ubuntu.bionic:def:20179462000	V	CVE-2017-9462 on Ubuntu 18.04 LTS (bionic) - medium.	2017-06-06
oval:com.ubuntu.cosmic:def:20179462000	V	CVE-2017-9462 on Ubuntu 18.10 (cosmic) - medium.	2017-06-06

BACK