The Debian DSA-2114-1 advisory fixes a regression in the 'git-core' package that caused issues while cloning or creating Git repositories due to a security update. Upgrade 'git-core' packages
Reporter | Title | Published | Views | Family All 39 |
---|---|---|---|---|
UbuntuCve | CVE-2010-2542 | 11 Aug 201000:00 | – | ubuntucve |
Cvelist | CVE-2010-2542 | 11 Aug 201018:00 | – | cvelist |
Tenable Nessus | FreeBSD : git -- buffer overflow vulnerability (827bc2b7-95ed-11df-9160-00e0815b8da8) | 23 Jul 201000:00 | – | nessus |
Tenable Nessus | Debian DSA-2114-1 : git-core - buffer overflow | 27 Sep 201000:00 | – | nessus |
Tenable Nessus | Fedora 12 : cgit-0.8.2.1-4.fc12 (2010-15501) | 11 Oct 201000:00 | – | nessus |
Tenable Nessus | Mandriva Linux Security Advisory : git (MDVSA-2010:194) | 6 Oct 201000:00 | – | nessus |
Tenable Nessus | Fedora 13 : cgit-0.8.2.1-4.fc13 (2010-15534) | 11 Oct 201000:00 | – | nessus |
Tenable Nessus | GLSA-201401-06 : Git: Privilege escalation | 12 Jan 201400:00 | – | nessus |
Tenable Nessus | Fedora 14 : cgit-0.8.2.1-4.fc14 (2010-15387) | 6 Oct 201000:00 | – | nessus |
Tenable Nessus | openSUSE Security Update : git (openSUSE-SU-2011:0115-1) | 13 Jun 201400:00 | – | nessus |
Source | Link |
---|---|
security-tracker | www.security-tracker.debian.org/tracker/DSA-2114 |
debian | www.debian.org/security/2010/DSA-2114-1 |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.1.1.2010.2114");
script_cve_id("CVE-2010-2542");
script_tag(name:"creation_date", value:"2023-03-08 12:56:44 +0000 (Wed, 08 Mar 2023)");
script_version("2024-02-01T14:37:13+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:13 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian: Security Advisory (DSA-2114-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB5");
script_xref(name:"Advisory-ID", value:"DSA-2114-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2010/DSA-2114-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2114");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'git-core' package(s) announced via the DSA-2114-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create Git repositories. This upgrade fixes this regression, which is tracked as Debian bug #595728.
The original security issue allowed an attacker to execute arbitrary code if he could trick a local user to execute a git command in a crafted working directory (CVE-2010-2542).
For the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny3.2.
The packages for the hppa architecture are not included in this advisory. However, the hppa architecture is not known to be affected by the regression.
For the testing distribution (squeeze) and the unstable distribution (sid), the security issue has been fixed in version 1.7.1-1.1. These distributions were not affected by the regression.
We recommend that you upgrade your git-core packages.");
script_tag(name:"affected", value:"'git-core' package(s) on Debian 5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB5") {
if(!isnull(res = isdpkgvuln(pkg:"git-arch", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-core", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-core", ver:"1:1.5.6.5-3+lenny3.1+b1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-cvs", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-daemon-run", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-doc", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-email", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-gui", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"git-svn", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gitk", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gitweb", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo