openSUSE Security Update : git (openSUSE-2018-1177)

This update for git fixes the following issues : - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949. This update was imported from the SUSE:SLE-15:Updat...

Important: gitolite3

Issue Overview: Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...

Important: git

Issue Overview: Git before 2.14.5, allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.CVE-2018-17456 Affected Packages: git Issue Correction: Run yum update git or yum update --advisory...

Git Submodule Arbitrary Code Execution

CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45631.zip Exploitation The...

[SECURITY] Fedora 28 Update: libgit2-0.26.7-1.fc28

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

Git Submodule - Arbitrary Code Execution

CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/45631.zip Exploitation The...

FreeBSD : Libgit2 -- multiple vulnerabilities (8c08ab4c-d06c-11e8-b35c-001b217b3468)

The Git community reports : Multiple vulnerabilities. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2019 Jacques Vidrine and contributors Redistribution and use in source VuXML and 'compiled'...

Git Submodule - Arbitrary Code Execution

Git Submodule - Arbitrary Code Execution CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror...

SUSE-SU-2018:3150-1 Security update for git

This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949...

openSUSE Security Update : git (openSUSE-2018-1147)

This update for git fixes the following issues : - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

USN-3791-1: Git vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code...

[SECURITY] Fedora 27 Update: libgit2-0.26.7-1.fc27

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

Quasar - An Information Gathering Framework For Lazy Penetration Testers

Quasar Is An Information Gathering Framework For Penetration Testers Coded By Belahsan Ouerghi: Website Informations E-mail Address Checker Phone Number Information Credit Card Bin Checker Ip Locator Port Scanner Installation sudo apt-get install git git clone...

MGASA-2018-0395 Updated git packages fix security vulnerability

joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...

Updated git packages fix security vulnerability

joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...

openSUSE: Security Advisory for git (openSUSE-SU-2018:3109-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for git (important)

This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949...

USN-3791-1: Git vulnerability

It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used...

USN-3791-1 git vulnerability

It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used...

Ubuntu: Security Advisory (USN-3791-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...