Malicious Git and Mercurial HTTP Server For CVE-2014-9390

This module exploits CVE-2014-9390, which affects Git versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 and Mercurial versions less than 3.2.3 and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be...

Git for Windows Detection

Binary data gitforwindowsinstalled.nbin...

Git for Windows .git/config Command Execution

The version of Git for Windows also known as msysGit installed on the remote host is prior to 1.9.5. It is, therefore, affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a...

[SECURITY] Fedora 21 Update: eclipse-jgit-3.5.3-1.fc21

A pure Java implementation of the Git version control system...

[SECURITY] Fedora 21 Update: eclipse-egit-3.5.3-1.fc21

The eclipse-egit package contains Eclipse plugins for interacting with Git repositories...

CVE-2013-4663

githttpcontroller.rb in the redminegithosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in 1 the service parameter to info/refs, related to the getinforefs function or 2 the reqfile argument to the fileexists function...

CVE-2013-4663

githttpcontroller.rb in the redminegithosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in 1 the service parameter to info/refs, related to the getinforefs function or 2 the reqfile argument to the fileexists function...

CVE-2013-4663

The CVE-2013-4663 entry concerns the redmine_git_hosting plugin for Redmine. The vulnerability is in git_http_controller.rb, where remote attackers can execute arbitrary commands by supplying shell metacharacters in (1) the service parameter to info/refs (get_info_refs function) or (2) the reqfil...

About. git/config file leaked use-vulnerability warning-the black bar safety net

The beginning is also from the dark clouds that have such a vulnerability, many do not understand the might see on will feel a little confused, in fact, this vulnerability and svn leakage there is so little similar, can also according to the configuration file to restore the entire project proces...

Updated git packages fix security vulnerability

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...

MGASA-2014-0546 Updated git packages fix security vulnerability

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...

GitHub < 1.9.4 .git/config Command Execution (Mac OS X)

The remote Mac OS X host has a version of GitHub prior to 194 installed. It is, therefore, affected by a remote command execution vulnerability when processing git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a...

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Xcode 6.2 beta 3 is now available and addresses the following: Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .gi...

Apple Xcode git client unauthorized files access

Invali processing of characters case in special files names...

GitHub for Windows < 2.6.5 .git/config Command Execution

The version of GitHub for Windows installed on the remote host is prior to 2.6.5. It is, therefore, affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tre...

FreeBSD : git -- Arbitrary command execution on case-insensitive filesystems (1d567278-87a5-11e4-879c-000c292ee6b8)

The Git Project reports : When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...

Git client vulnerability is discovered affecting Windows and OS X versions-bug warning-the black bar safety net

Git project release Git v2. 2. 1, The fixed a effects Windows and Mac OS X client security vulnerabilities. Linux, although not affected, but if the Linux hosting services with Windows and OS X user, so as to protect the user Best or to upgrade to the latest version. Issues related to...

GitHub Fixes Critical Vulnerability, Urges Users to Update Immediately

GitHub is strongly encouraging all Mac OS X and Windows users of GitHub and GitHub Enterprise to update their Git clients as soon as possible. The GMANE mailing list published the details of a critical arbitrary code execution vulnerability affecting all versions of the official Git client and al...

Critical Git Client vulnerability Allows Malicious Remote Code Execution

Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are highly being recommended to install a security update that patches a major security vulnerability in Git clients that leverages an attacker to hijack end-user computers. T...

UBUNTU-CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...