CVE-2009-2108 – Git 1.6.3 - Parameter Processing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-2108
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.
References:
• https://www.exploit-db.com/exploits/33036
• http://article.gmane.org/gmane.comp.version-control.git/120733
• http://osvdb.org/55034
• http://secunia.com/advisories/35437
• http://secunia.com/advisories/35730
• http://security.gentoo.org/glsa/glsa-200907-05.xml
• http://thread.gmane.org/gmane.comp.version-control.git/120724
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:155
• http://www.openwall.com/lists/oss-security/2009/06/12/1
• http://www.securityfocus.com/bid/35338
CWE-399: Resource Management Errors

CVE-2008-5916
https://notcve.org/view.php?id=CVE-2008-5916
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
References:
• http://marc.info/?l=git&m=122975564100860&w=2
• http://marc.info/?l=linux-kernel&m=122975564100863&w=2:
• http://osvdb.org/50918
• http://secunia.com/advisories/33282
• http://secunia.com/advisories/33964
• http://secunia.com/advisories/34194
• http://securityreason.com/securityalert/4922
• http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
• http://www.openwall.com/lists/oss-security/2009/01/15/2
• http://www.openwall.com/lists/oss-security/2009/01/20/2
• http:
CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-5516 – gitWeb 1.x Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5516
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. gitWeb version 1.x suffers from a remote command execution vulnerability.
References:
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330
• http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html
• http://repo.or.cz/w/git.git?a=commitdiff%3Bh=c582abae
• http://secunia.com/advisories/33964
• http://secunia.com/advisories/34194
• http://securityreason.com/securityalert/4919
• http://wiki.rpath.com/Advisories:rPSA-2009-0005
• http://www.debian.org/security/2009/dsa-1708
• http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
• http://www.openwall
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-5517 – gitWeb 1.5.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5517
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. gitWeb version 1.x suffers from a remote command execution vulnerability.
References:
• https://www.exploit-db.com/exploits/11497
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330
• http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html
• http://repo.or.cz/w/git.git?a=commitdiff%3Bh=516381d5
• http://secunia.com/advisories/33964
• http://secunia.com/advisories/34194
• http://wiki.rpath.com/Advisories:rPSA-2009-0005
• http://www.debian.org/security/2009/dsa-1708
• http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
• http://www.openwa
CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-3546
https://notcve.org/view.php?id=CVE-2008-3546
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
References:
• http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
• http://secunia.com/advisories/31347
• http://secunia.com/advisories/31780
• http://secunia.com/advisories/32029
• http://secunia.com/advisories/32384
• http://secunia.com/advisories/33964
• http://security.gentoo.org/glsa/glsa-200809-16.xml
• http://wiki.rpath.com/Advisories:rPSA-2008-0253
• http://www.debian.org/security/2008/dsa-1637
• http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt
• http://www
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer