Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New git-core packages fix regression |
| Informations | |||
|---|---|---|---|
| Name | DSA-2114 | First vendor Publication | 2010-09-26 |
| Vendor | Debian | Last vendor Modification | 2010-09-26 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create git repositories. This upgrade fixes this regression, which is tracked as Debian bug #595728. The original security issue allowed an attacker to execute arbitrary code if he could trick a local user to execute a git command in a crafted working directory (CVE-2010-2542). For the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny3.2. The packages for the hppa architecture are not included in this advisory. However, the hppa architecture is not known to be affected by the regression. For the testing distribution (squeeze) and the unstable distribution (sid), the security issue has been fixed in version 1.7.1-1.1. These distributions were not affected by the regression. We recommend that you upgrade your git-core packages. |
Original Source
| Url : http://www.debian.org/security/2010/dsa-2114 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12423 | |||
| Oval ID: | oval:org.mitre.oval:def:12423 | ||
| Title: | DSA-2114-1 git-core -- buffer overflow | ||
| Description: | The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create git repositories. This upgrade fixes this regression, which is tracked as Debian bug #595728. The original security issue allowed an attacker to execute arbitrary code if he could trick a local user to execute a git command in a crafted working directory. For the stable distribution, this problem has been fixed in version 1.5.6.5-3+lenny3.2. The packages for the hppa architecture are not included in this advisory. However, the hppa architecture is not known to be affected by the regression. For the testing distribution and the unstable distribution, the security issue has been fixed in version 1.7.1-1.1. These distributions were not affected by the regression. We recommend that you upgrade your git-core packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2114-1 CVE-2010-2542 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | git-core |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-03-24 | Name : Fedora Update for cgit FEDORA-2011-2815 File : nvt/gb_fedora_2011_2815_cgit_fc13.nasl |
| 2010-12-02 | Name : Fedora Update for cgit FEDORA-2010-15387 File : nvt/gb_fedora_2010_15387_cgit_fc14.nasl |
| 2010-10-19 | Name : Fedora Update for cgit FEDORA-2010-15501 File : nvt/gb_fedora_2010_15501_cgit_fc12.nasl |
| 2010-10-19 | Name : Fedora Update for cgit FEDORA-2010-15534 File : nvt/gb_fedora_2010_15534_cgit_fc13.nasl |
| 2010-10-04 | Name : Mandriva Update for git MDVSA-2010:194 (git) File : nvt/gb_mandriva_MDVSA_2010_194.nasl |
| 2010-08-21 | Name : FreeBSD Ports: git File : nvt/freebsd_git1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 67091 | Git setup.c is_git_directory Function gitdir: Field Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_git-110117.nasl - Type : ACT_GATHER_INFO |
| 2014-01-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-06.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_git-110117.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15501.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15534.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15387.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-194.nasl - Type : ACT_GATHER_INFO |
| 2010-09-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2114.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_827bc2b795ed11df916000e0815b8da8.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:29:41 |
|
