| Reporter | Title | Published | Views | Family All 276 |
|---|---|---|---|---|
| Exploit for Injection in Git-Scm Git | 26 Apr 202314:00 | – | githubexploit | |
| Exploit for Injection in Git-Scm Git | 6 May 202313:25 | – | githubexploit | |
| Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities | 24 Oct 202319:01 | – | ibm | |
| Security fix for the ALT Linux 10 package git version 2.33.8-alt1 | 2 May 202300:00 | – | altlinux | |
| Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2023-180) | 24 May 202300:00 | – | nessus | |
| Amazon Linux 2 : git (ALAS-2023-2072) | 8 Jun 202300:00 | – | nessus | |
| Alibaba Cloud Linux 3 : 0047: git (ALINUX3-SA-2023:0047) | 14 May 202500:00 | – | nessus | |
| AlmaLinux 9 : git (ALSA-2023:3245) | 23 May 202300:00 | – | nessus | |
| AlmaLinux 8 : git (ALSA-2023:3246) | 23 May 202300:00 | – | nessus | |
| CentOS 8 : git (CESA-2023:3246) | 8 Feb 202400:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(178345);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/18");
script_cve_id("CVE-2023-25652", "CVE-2023-25815", "CVE-2023-29007");
script_name(english:"EulerOS 2.0 SP10 : git (EulerOS-SA-2023-2380)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :
- Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8,
2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a
path outside the working tree can be overwritten with partially controlled contents (corresponding to the
rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with
`--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch
before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file
exists. (CVE-2023-25652)
- In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a
consequence, Git is expected not to localize messages at all, and skips the gettext initialization.
However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer
uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized
messages. And since any authenticated user has the permission to create folders in `C:\` (and since
`C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in
that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard
to exploit and requires social engineering. For example, a legitimate message at the end of a clone could
be maliciously modified to ask the user to direct their web browser to a malicious website, and the user
might think that the message comes from Git and is legitimate. It does require local write access by the
attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this
issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or
alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may
remove the permission to create folders in `C:\`. (CVE-2023-25815)
- Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8,
2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs
that are longer than 1024 characters can used to exploit a bug in
`config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary
configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section
associated with that submodule. When the attacker injects configuration values which specify executables
to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code
execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6,
2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted
repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. (CVE-2023-29007)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2380
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a4a7bff1");
script_set_attribute(attribute:"solution", value:
"Update the affected git packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25652");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-29007");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/25");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-help");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"git-2.27.0-2.h15.eulerosv2r10",
"git-help-2.27.0-2.h15.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation