User: Password:
|
|
Subscribe / Log in / New account

MeeGo alert MeeGo-SA-10:26 (git)

From:  "Ware, Ryan R" <ryan.r.ware@intel.com>
To:  "meego-security@meego.com" <meego-security@meego.com>
Subject:  [MeeGo-security] [MeeGo-SA-10:26.git] Buffer Overflow in git Allows Privilege Escalation
Date:  Tue, 18 Jan 2011 20:53:51 -0700
Message-ID:  <0BB24728-9DAE-40C5-B00D-856CFD2D26A4@intel.com>
Archive-link:  Article, Thread

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= MeeGo-SA-10:26.git Security Advisory MeeGo Project Topic: Buffer Overflow in git Allows Privilege Escalation Category: Development Module: git Announced: September 3, 2010 Affects: MeeGo 1.0 Corrected: September 3, 2010 MeeGo BID: 5238 CVE: CVE-2010-2542 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://www.MeeGo.com/>. I. Background Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. II. Problem Description CVE-2010-2542: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy. CVSS v2 Base: 7.5 (HIGH) Access Vector: Network exploitable III. Impact CVE-2010-2898: Unauthorized disclosure of information, modification or disruption of service due to buffer error (CWE-119) IV. Workaround None V. Solution Update to package git-1.6.1.3-4.1 or later. VI. References http://bugs.meego.com/show_bug.cgi?id=5238 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... http://cwe.mitre.org/data/definitions/119.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (Darwin) iQEcBAEBAgAGBQJNNlsDAAoJEEsJm1wYvCMbNl0H/idixJumOXLn8reqXK1Bwh3w XWZSmAMJO6lzqyqqwc2WCktLY6jJUX/AF2Tyx6OyBubCkqiGftjNKZLdOcDTrqAM +SaduocCX5zuRQPHfgaVuAs+CZFaCqJeO0eVZXDc0xbzMzc2EzxeS8ri/zyn1pKI BRC03D3vMtLWAK8Fum5+JzYKdjGRYodemYC2yC8jYwmkfP7EOLBdXdBpaEDDCmLd 8J2bAzEdEG++4MLZJiVpjfEI1LDp/VRwOXCObopR1MwmMNRy4WPTxei2z1XjgWPT HSVt9e9fer6EQTlbMqbfFCzGlBb1zK7H2BDxYD/KBkj5zkVDN6DHhA7IG0nVx3Q= =N9sx -----END PGP SIGNATURE----- _______________________________________________ MeeGo-security mailing list MeeGo-security@meego.com http://lists.meego.com/listinfo/meego-security


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds