English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64168
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-723-1)
Summary:The remote host is missing an update for the 'git-core' package(s) announced via the USN-723-1 advisory.
Description:Summary:
The remote host is missing an update for the 'git-core' package(s) announced via the USN-723-1 advisory.

Vulnerability Insight:
It was discovered that Git did not properly handle long file paths. If a user
were tricked into performing commands on a specially crafted Git repository, an
attacker could possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-3546)

It was discovered that the Git web interface (gitweb) did not correctly handle
shell metacharacters when processing certain commands. A remote attacker could
send specially crafted commands to the Git server and execute arbitrary code
with the privileges of the Git web server. This issue only applied to Ubuntu
7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517)

It was discovered that the Git web interface (gitweb) did not properly restrict
the diff.external configuration parameter. A local attacker could exploit this
issue and execute arbitrary code with the privileges of the Git web server.
This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916)

Affected Software/OS:
'git-core' package(s) on Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04, Ubuntu 8.10.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3546
BugTraq ID: 30549
http://www.securityfocus.com/bid/30549
Bugtraq: 20080812 rPSA-2008-0253-1 git gitweb (Google Search)
http://www.securityfocus.com/archive/1/495391/100/0/threaded
Debian Security Information: DSA-1637 (Google Search)
http://www.debian.org/security/2008/dsa-1637
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.html
http://security.gentoo.org/glsa/glsa-200809-16.xml
http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
http://www.securitytracker.com/id?1020627
http://secunia.com/advisories/31347
http://secunia.com/advisories/31780
http://secunia.com/advisories/32029
http://secunia.com/advisories/32384
http://secunia.com/advisories/33964
http://www.ubuntu.com/usn/USN-723-1
http://www.vupen.com/english/advisories/2008/2306
XForce ISS Database: git-multiple-bo(44217)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44217
Common Vulnerability Exposure (CVE) ID: CVE-2008-5516
20090113 rPSA-2009-0005-1 git gitweb
http://www.securityfocus.com/archive/1/500008/100/0/threaded
33964
34194
http://secunia.com/advisories/34194
4919
http://securityreason.com/securityalert/4919
ADV-2009-0175
http://www.vupen.com/english/advisories/2009/0175
DSA-1708
http://www.debian.org/security/2009/dsa-1708
GLSA-200903-15
http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
SUSE-SR:2009:001
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html
USN-723-1
[oss-security] 20090120 Re: CVE request -- git
http://www.openwall.com/lists/oss-security/2009/01/20/1
[oss-security] 20090121 Re: CVE request -- git
http://www.openwall.com/lists/oss-security/2009/01/21/7
[oss-security] 20090123 Re: CVE request -- git
http://www.openwall.com/lists/oss-security/2009/01/23/2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330
http://repo.or.cz/w/git.git?a=commitdiff%3Bh=c582abae
http://wiki.rpath.com/Advisories:rPSA-2009-0005
https://bugzilla.redhat.com/show_bug.cgi?id=479715
https://issues.rpath.com/browse/RPL-2936
Common Vulnerability Exposure (CVE) ID: CVE-2008-5517
33215
http://www.securityfocus.com/bid/33215
http://repo.or.cz/w/git.git?a=commitdiff%3Bh=516381d5
Common Vulnerability Exposure (CVE) ID: CVE-2008-5916
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html
http://marc.info/?l=git&m=122975564100860&w=2
http://marc.info/?l=linux-kernel&m=122975564100863&w=2:
http://www.openwall.com/lists/oss-security/2009/01/15/2
http://www.openwall.com/lists/oss-security/2009/01/20/2
http://osvdb.org/50918
http://secunia.com/advisories/33282
http://securityreason.com/securityalert/4922
XForce ISS Database: git-gitweb-privilege-escalation(47528)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47528
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.