CVE-2010-2542

Gentoo Linux Security Advisory 201401-06

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.

Desbordamiento de búfer basado en pila en la función is_git_directory en setup.c en Git anterior v1.7.2.1 permite a usuarios locales obtener privilegios a través de un gitdir grande: campo en un fichero .git en una acción copia.

The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create git repositories. This upgrade fixes this regression, which is tracked as Debian bug #595728.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-06-30 CVE Reserved
2010-08-11 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (8)

URL	Tag	Source
http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc	X_refsource_confirm
http://secunia.com/advisories/43457	Third Party Advisory
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt	Broken Link
http://www.openwall.com/lists/oss-security/2010/07/22/1	Mailing List
http://www.openwall.com/lists/oss-security/2010/07/22/4	Mailing List
http://www.securityfocus.com/bid/41891	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=618108	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html	2023-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Git-scm Search vendor "Git-scm"		Git Search vendor "Git-scm" for product "Git"				< 1.7.2.1 Search vendor "Git-scm" for product "Git" and version " < 1.7.2.1"		-		Affected