Vulnerability & Exploit Database

Back to search

USN-2470-1: Git vulnerability

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) January 12, 2015 January 14, 2015 July 03, 2017

Available Exploits 


Matt Mackall and Augie Fackler discovered that Git incorrectly handled certainfilesystem paths. A remote attacker could possibly use this issue to executearbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. Theremote attacker would need write access to a Git repository that the victimpulls from. The problem can be corrected by updating your system to the following package version: To update your system, please follow these instructions: After a standard system update you need to set the core.protectHFS and/orcore.protectNTFS Git configuration variables to "true" if you store Git treesin HFS+ and/or NTFS filesystems. If you host Git trees, setting thecore.protectHFS, core.protectNTFS, and receive.fsckObjects Git configurationvariables to "true" will cause your Git server to reject objects containingmalicious paths intended to overwrite the Git metadata. CVE-2014-9390

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now




Related Vulnerabilities