CVE-2017-1000117 – Git < 2.7.5 - Command Injection
https://notcve.org/view.php?id=CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. Un tercero malicioso puede proporcionar una URL "ssh://..." manipulada a una víctima desprevenida y un intento de visita a la URL puede resultar en que se ejecute cualquier programa que exista en la máquina de la víctima. Dicha URL podría colocarse en el archivo .gitmodules de un proyecto malicioso y una víctima desprevenida podría ser engañada para que ejecute "git clone --recurse-submodules" para desencadenar esta vulnerabilidad. • https://www.exploit-db.com/exploits/42599 https://github.com/greymd/CVE-2017-1000117 https://github.com/Manouchehri/CVE-2017-1000117 https://github.com/VulApps/CVE-2017-1000117 https://github.com/timwr/CVE-2017-1000117 https://github.com/rootclay/CVE-2017-1000117 https://github.com/ieee0824/CVE-2017-1000117 https://github.com/ieee0824/CVE-2017-1000117-sl https://github.com/AnonymKing/CVE-2017-1000117 https://github.com/nkoneko/CVE-2017-1000117 https://github.com/Shadow • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2014-9938 – git: git-prompt.sh does not sanitize branch names in $PS1
https://notcve.org/view.php?id=CVE-2014-9938
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. Contrib/completion/git-prompt.sh en Git en versiones anteriores a 1.9.3 no desinfecta nombres de sucursales en la variable PS1, permitiendo que un repositorio malicioso cause la ejecución de código. It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. • https://access.redhat.com/errata/RHSA-2017:2004 https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f https://github.com/njhartwell/pw3nage https://access.redhat.com/security/cve/CVE-2014-9938 https://bugzilla.redhat.com/show_bug.cgi?id=1434415 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-116: Improper Encoding or Escaping of Output •
CVE-2016-2324 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2324
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Desboradmiento de entero en Git en versiones anteriores a 2.7.4 permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html http://lists.opensuse.org/opensuse-security-announce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •
CVE-2015-7545 – git: arbitrary code execution via crafted URLs
https://notcve.org/view.php?id=CVE-2015-7545
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. El (1) git-remote-ext y (2) otros programas de ayuda remotos no especificados en Git en versiones anteriores a 2.3.10, 2.4.x en versiones anteriores a 2.4.10, 2.5.x en versiones anteriores a 2.5.4 y 2.6.x en versiones anteriores a 2.6.1 no restringen correctamente los protocolos permitidos, lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de una URL en un (a) archivo .gitmodules u (b) otras fuentes desconocidas en un submódulo. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html http://rhn.redhat.com/errata/RHSA-2015-2515.html http://www.debian.org/security/2016/dsa-3435 http://www.openwall.com/lists/oss-security/2015/12/08/5 http://www.openwall.com/lists/oss-security/2015/12/09/8 http://www.openwall.com/lists/oss-security/2015/12/11/7 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVE-2015-7082
https://notcve.org/view.php?id=CVE-2015-7082
Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. Múltiples vulnerabilidades no especificadas en Git en versiones anteriores a 2.5.4, como se utiliza en Apple Xcode en versiones anteriores a 7.2, tienen impacto y vectores de ataque desconocidos. NOTA: ésta CVE esta asociada solo con casos de uso Xcode. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html http://www.securitytracker.com/id/1034340 https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt https://support.apple.com/HT205642 •