10046 matches found
Critical Photon OS Security Update - PHSA-2017-0078
Updates of 'dosfstools', 'git', 'libgcrypt', 'mercurial', 'linux', 'mysql', 'ncurses', 'gnutls', 'dnsmasq', 'apache-tomcat', 'binutils', 'c-ares', 'linux-esx', 'nginx', 'mesos', 'libtasn1' packages of Photon OS have been released...
Fedora 25 : git (2017-66aa5d1d33)
These releases are about hardening git shell that is used on servers against an unsafe user input, which git cvsserver copes with poorly. From the release notes: - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...
SUSE SLES12 Security Update : git (SUSE-SU-2017:2747-1)
This update for git fixes the following issues: This security issue was fixed: - CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name (bsc#1061041). Note that Tenable...
SUSE-SU-2017:2747-1 Security update for git
This update for git fixes the following issues: This security issue was fixed: - CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name (bsc#1061041)...
SmoothCriminal Update: Additional Sandbox Detection Methods
PenTestIT RSS Feed About three months ago, I had written about a tool which helps you detect sandboxes using cursor movements. I was extremely busy, but the author of this tool - @G4lB1t was kind enough to bring to my notice that it was about a SmoothCriminal update. This update brings in addition...
GitLab -- multiple vulnerabilities
GitLab reports: Cross-Site Scripting (XSS) vulnerability in the Markdown sanitization filter. Yasin Soliman via HackerOne reported a Cross-Site Scripting (XSS) vulnerability in the GitLab markdown sanitization filter. The sanitization filter was not properly stripping invalid characters from URL schem...
CyberScan - Tool To Analyse Packets, Decoding, Scanning Ports, And Geolocation
CyberScan is an open source penetration testing tool that can analyse packets, decoding, scanning ports, pinging and geolocation of an IP including latitude, longitude, region, country ... Operating Systems Supported: Windows XP/7/8/8.1/10, GNU/Linux, MacOSX. Installation: You can download CyberSc...
Git Denial of Service Vulnerability
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. A security vulnerability exists in Git 2.14.2 and earlier versions, which stems from the program's failure to properly handle the tree object layer. A remote...
Fedora Update for git FEDORA-2017-66aa5d1d33
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...
DEBIAN-CVE-2017-15298
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...
CVE-2017-15298
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...
CVE-2017-15298
CVE-2017-15298 is linked to Git up to version 2.14.2, where a vulnerability in how layers of tree objects are handled can allow a remote attacker to cause a denial of service via a crafted repository, with potential disk impact. The issue arises from memory data structure construction that may ex...
Exploits
Exploits Containing Self Made Perl Reproducers / PoC Codes -...
Amazon Linux AMI : git (ALAS-2017-910)
The 'git' subcommand 'cvsserver' is a Perl script which makes excessive use of the backtick operator to invoke 'git'. Unfortunately user input is used within some of those invocations. It should be noted, that 'git-cvsserver' will be invoked by 'git-shell' by default without further configuration...
SUSE-SU-2017:2717-1 Security update for git
This update for git fixes the following issues: - CVE-2017-14867: A cvsserver perl script command injection was fixed (CVE-2017-14867, bsc#1061041):...