10046 matches found
Debian DLA-1120-1 : git security update
joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support ha...
openSUSE Security Update : git (openSUSE-2017-1115)
This update for git to version 2.13.6 fixes the following issues : - CVE-2017-14867: Various Perl scripts did not use safepipecapture instead of backticks, leaving them susceptible to end-user input boo1061041 As an additional measure, 'git cvsserver' no longer is invoked by 'git daemon' by...
[SECURITY] [DLA 1120-1] git security update
Package : git Version : 1:1.7.10.4-1+wheezy6 CVE ID : CVE-2017-14867 Debian Bug : 876854 joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The...
DLA-1120-1 git - security update
Bulletin has no description...
[SECURITY] Fedora 27 Update: git-2.14.2-2.fc27
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
DEBIAN-CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
AZL-43047 CVE-2017-14867 affecting package git for versions less than 2.45.2-1
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
Design/Logic Flaw
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
Fedora 26 : git (2017-9b35152c83)
These releases are about hardening git shell that is used on servers against an unsafe user input, which git cvsserver copes with poorly. From the release notes : - 'git cvsserver' no longer is invoked by 'git shell' by default, as it is old and largely unmaintained. - Various Perl scripts did no...
Git OS Command Injection Vulnerability
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds Linus Torvalds. A command injection vulnerability exists in the Git operating system. The vulnerability can be exploited to execute arbitrary operating system commands with the he...
[SECURITY] Fedora 26 Update: git-2.13.6-1.fc26
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
CVE-2017-14867
CVE-2017-14867 affects Git and is caused by unsafe Perl scripts used to support subcommands (notably cvsserver). Vulnerable builds include Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2. The flaw allows an attacker to execute arbitrar...
CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
Git cvsserver Remote Command Execution Vulnerability
The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected...
CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
Git cvsserver Remote Command Execution
Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products Git before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 git-cvsserver https://git-scm.com Vendor communication 2017-09-08 Sent vulnerability details to the git-security list 2017-09-09 Acknowledgement of t...