USN-2470-1: Git vulnerability

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: January 13, 2015
Added: January 15, 2015
Modified: July 04, 2017

Description

Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

The problem can be corrected by updating your system to the following package version:

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to set the core.protectHFS and/or core.protectNTFS Git configuration variables to "true" if you store Git trees in HFS+ and/or NTFS filesystems. If you host Git trees, setting the core.protectHFS, core.protectNTFS, and receive.fsckObjects Git configuration variables to "true" will cause your Git server to reject objects containing malicious paths intended to overwrite the Git metadata.

CVE-2014-9390
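The post-update configuration step above can be audited and applied per repository. The following script is an added example, not part of the advisory; the function names and the client/server role argument are assumptions of this example, and it checks only values set explicitly in Git configuration, not compiled-in defaults.

```shell
#!/bin/sh
# Added example: audit and apply the settings named in USN-2470-1.
# Function names and the "client"/"server" roles are assumptions of this example.

# Settings the advisory names for each role:
#   client = a machine storing Git trees on HFS+ and/or NTFS
#   server = a machine hosting Git trees that others push to
required_settings() {
    case "$1" in
        client) echo "core.protectHFS core.protectNTFS" ;;
        server) echo "core.protectHFS core.protectNTFS receive.fsckObjects" ;;
        *) return 2 ;;
    esac
}

# Print each required setting that is not explicitly configured as true
# for repository $1 in role $2. Prints nothing when all are set.
missing_settings() {
    repo=$1
    keys=$(required_settings "$2") || return 2
    for key in $keys; do
        # --bool normalises yes/on/1 to "true"; an unset key yields "".
        val=$(git -C "$repo" config --bool --get "$key" 2>/dev/null) || val=""
        [ "$val" = "true" ] || echo "$key"
    done
}

# Write every missing setting into the repository's own config file.
harden_repo() {
    repo=$1
    role=$2
    required_settings "$role" >/dev/null || return 2
    for key in $(missing_settings "$repo" "$role"); do
        git -C "$repo" config "$key" true
    done
}
```

Run missing_settings against each hosted repository after the package upgrade; an empty result means the three variables are set for that role.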

Solution

ubuntu-upgrade-git
