Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-9462
Last Modified: 01 Apr 2015 10:55:07
Published: 31 Mar 2015 10:59:03
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9462

Summary

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Mercurial 3.2.3


References

OSVDB - 119816

CONFIRM - http://mercurial.selenic.com/wiki/WhatsNew

SUSE - openSUSE-SU-2015:0617

MISC - http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html


Last Updated: 27 May 2016 11:08:16