User: Password:
Subscribe / Log in / New account

MeeGo alert MeeGo-SA-10:26 (git)

From:  "Ware, Ryan R" <>
To:  "" <>
Subject:  [MeeGo-security] [MeeGo-SA-10:26.git] Buffer Overflow in git Allows Privilege Escalation
Date:  Tue, 18 Jan 2011 20:53:51 -0700
Message-ID:  <>
Archive-link:  Article, Thread

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:26.git Security Advisory MeeGo Project Topic: Buffer Overflow in git Allows Privilege Escalation Category: Development Module: git Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID: 5238 CVE: CVE-2010-2542 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:>. I. Background Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. II. Problem Description CVE-2010-2542: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. CVSS v2 Base: 7.5 (HIGH) Access Vector: Network exploitable III. Impact CVE-2010-2898: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119) IV. Workaround None V. Solution Update to package git- or later. VI. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (Darwin) iQEcBAEBAgAGBQJNNlsDAAoJEEsJm1wYvCMbNl0H/idixJumOXLn8reqXK1Bwh3w XWZSmAMJO6lzqyqqwc2WCktLY6jJUX/AF2Tyx6OyBubCkqiGftjNKZLdOcDTrqAM +SaduocCX5zuRQPHfgaVuAs+CZFaCqJeO0eVZXDc0xbzMzc2EzxeS8ri/zyn1pKI BRC03D3vMtLWAK8Fum5+JzYKdjGRYodemYC2yC8jYwmkfP7EOLBdXdBpaEDDCmLd 8J2bAzEdEG++4MLZJiVpjfEI1LDp/VRwOXCObopR1MwmMNRy4WPTxei2z1XjgWPT HSVt9e9fer6EQTlbMqbfFCzGlBb1zK7H2BDxYD/KBkj5zkVDN6DHhA7IG0nVx3Q= =N9sx -----END PGP SIGNATURE----- _______________________________________________ MeeGo-security mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds