git -- Arbitrary command execution on case-insensitive filesystems

2014-12-19T00:00:00
ID 1D567278-87A5-11E4-879C-000C292EE6B8
Type freebsd
Reporter FreeBSD
Modified 2014-12-19T00:00:00

Description

The Git Project reports:

When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting service whose users may fetch from your service to Windows or Mac OS X machines, you are strongly encouraged to update to protect such users who use existing versions of Git.