USN-2470-1: Git vulnerability

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: January 12, 2015
Added: January 14, 2015
Modified: January 14, 2015

Description

Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

The problem can be corrected by updating your system to the following package version:

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to set the core.protectHFS and/or core.protectNTFS Git configuration variables to "true" if you store Git trees in HFS+ and/or NTFS filesystems. If you host Git trees, setting the core.protectHFS, core.protectNTFS, and receive.fsckObjects Git configuration variables to "true" will cause your Git server to reject objects containing malicious paths intended to overwrite the Git metadata.

CVE-2014-9390
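One way to audit and apply the settings described above, as an added example that is not part of the original advisory. The function names audit_git_hardening and harden_git_config and the "client"/"server" role argument are assumptions made for illustration; only explicitly configured values in the given file are checked.

```shell
#!/bin/sh
# Added example (not from the advisory): check and set the Git configuration
# variables the advisory names. Function names and the ROLE argument are
# hypothetical.

# Print the keys required for a role, one list on stdout.
#   client: working trees stored on HFS+ and/or NTFS
#   server: hosts Git trees and should reject malicious objects on push
required_keys() {
    if [ "$1" = "server" ]; then
        echo "core.protectHFS core.protectNTFS receive.fsckObjects"
    else
        echo "core.protectHFS core.protectNTFS"
    fi
}

# audit_git_hardening FILE ROLE
# Reports every required key that is not explicitly true in FILE.
# Return status is the number of keys that still need to be set.
audit_git_hardening() {
    cfg=$1
    missing=0
    for key in $(required_keys "$2"); do
        # --bool normalises yes/on/1 to "true"; an unset key prints nothing.
        val=$(git config --file "$cfg" --bool --get "$key" 2>/dev/null || true)
        if [ "$val" != "true" ]; then
            echo "MISSING: $key is '${val:-unset}' in $cfg"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# harden_git_config FILE ROLE
# Sets every required key to true in FILE.
harden_git_config() {
    cfg=$1
    for key in $(required_keys "$2"); do
        git config --file "$cfg" "$key" true
    done
}
```

Pass a repository's config file, or the system-wide file such as /etc/gitconfig on a Git host, as FILE.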

Solution

canonical-ubuntu-upgrade-git-12-04