Debian Local Security Checks : Debian: Security Advisory (DSA-1841)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.66803

Category: Debian Local Security Checks

Title: Debian: Security Advisory (DSA-1841)

Summary: The remote host is missing an update for the Debian 'git-core' package(s) announced via the DSA-1841 advisory.;; This VT has been deprecated as a duplicate of the VT 'Debian: Security Advisory (DSA-1841-1)' (OID: 1.3.6.1.4.1.25623.1.0.64480).

Description: Summary:
The remote host is missing an update for the Debian 'git-core' package(s) announced via the DSA-1841 advisory.

This VT has been deprecated as a duplicate of the VT 'Debian: Security Advisory (DSA-1841-1)' (OID: 1.3.6.1.4.1.25623.1.0.64480).

Vulnerability Insight:
It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions.

For the oldstable distribution (etch), this problem has been fixed in version 1.4.4.4-4+etch3.

For the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny2.

For the testing distribution (squeeze), this problem has been fixed in version 1:1.6.3.3-1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.6.3.3-1.

We recommend that you upgrade your git-core packages.

Affected Software/OS:
'git-core' package(s) on Debian 4, Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2108
BugTraq ID: 35338
http://www.securityfocus.com/bid/35338
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html
http://security.gentoo.org/glsa/glsa-200907-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:155
http://article.gmane.org/gmane.comp.version-control.git/120733
http://thread.gmane.org/gmane.comp.version-control.git/120724
https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html
http://www.openwall.com/lists/oss-security/2009/06/12/1
http://osvdb.org/55034
http://www.securitytracker.com/id?1022398
http://secunia.com/advisories/35437
http://secunia.com/advisories/35730
http://www.vupen.com/english/advisories/2009/1579
XForce ISS Database: gitdaemon-xinetd-dos(51083)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51083

Copyright Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.66803
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1841)
Summary:	The remote host is missing an update for the Debian 'git-core' package(s) announced via the DSA-1841 advisory.;; This VT has been deprecated as a duplicate of the VT 'Debian: Security Advisory (DSA-1841-1)' (OID: 1.3.6.1.4.1.25623.1.0.64480).
Description:	Summary: The remote host is missing an update for the Debian 'git-core' package(s) announced via the DSA-1841 advisory. This VT has been deprecated as a duplicate of the VT 'Debian: Security Advisory (DSA-1841-1)' (OID: 1.3.6.1.4.1.25623.1.0.64480). Vulnerability Insight: It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions. For the oldstable distribution (etch), this problem has been fixed in version 1.4.4.4-4+etch3. For the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny2. For the testing distribution (squeeze), this problem has been fixed in version 1:1.6.3.3-1. For the unstable distribution (sid), this problem has been fixed in version 1:1.6.3.3-1. We recommend that you upgrade your git-core packages. Affected Software/OS: 'git-core' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2108 BugTraq ID: 35338 http://www.securityfocus.com/bid/35338 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html http://security.gentoo.org/glsa/glsa-200907-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:155 http://article.gmane.org/gmane.comp.version-control.git/120733 http://thread.gmane.org/gmane.comp.version-control.git/120724 https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html http://www.openwall.com/lists/oss-security/2009/06/12/1 http://osvdb.org/55034 http://www.securitytracker.com/id?1022398 http://secunia.com/advisories/35437 http://secunia.com/advisories/35730 http://www.vupen.com/english/advisories/2009/1579 XForce ISS Database: gitdaemon-xinetd-dos(51083) https://exchange.xforce.ibmcloud.com/vulnerabilities/51083
Copyright	Copyright (C) 2010 Greenbone AG