|
|
Subscribe / Log in / New account

git: code execution

Package(s):git CVE #(s):CVE-2014-9390
Created:December 24, 2014 Updated:August 27, 2015
Description: From the Mageia advisory:

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config (or any case variation), on the pull this would replace the user's .git/config. If this malicious config file contained defined external commands (such as for invoking an editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client.

Alerts:
Gentoo 201612-19 mercurial 2016-12-07
Gentoo 201509-06 git 2015-09-24
Mageia MGASA-2015-0325 cgit 2015-08-26
openSUSE openSUSE-SU-2015:1096-1 cgit 2015-06-22
Debian DSA-3257-1 mercurial 2015-05-11
openSUSE openSUSE-SU-2015:0673-1 libgit2 2015-04-07
Mandriva MDVSA-2015:169 git 2015-03-30
Debian-LTS DLA-237-1 mercurial 2015-06-04
openSUSE openSUSE-SU-2015:0159-1 git 2015-01-28
Ubuntu USN-2470-1 git 2015-01-13
Fedora FEDORA-2014-17341 eclipse-jgit 2014-12-29
Fedora FEDORA-2014-17341 eclipse-egit 2014-12-29
Mageia MGASA-2014-0546 git 2014-12-23
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds