Vulnerability & Exploit Database

Back to search

FreeBSD: git -- Arbitrary command execution on case-insensitive filesystems (CVE-2014-9390)

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) December 18, 2014 December 21, 2014 December 21, 2014

Available Exploits 

Description

The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting service whose users may fetch from your service to Windows or Mac OS X machines, you are strongly encouraged to update to protect such users who use existing versions of Git.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

freebsd-upgrade-package-git

Related Vulnerabilities