10041 matches found
Git Security Bypass Vulnerability
Git is an open source distributed version control system that can handle versioning from very small to very large projects efficiently and at high speed. A security bypass vulnerability exists in Git. An attacker could exploit this vulnerability to perform unauthorized operations bypassing securi...
Cangibrina - A Fast And Powerfull Dashboard (Admin) Finder
Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap --nmap TOR --tor Install: Linux git clone http://github.com/fnk0c/cangibrina.git cd...
SUSE SLES12 Security Update : git (SUSE-SU-2017:1357-1)
This update for git fixes the following issues : - git 2.12.3 : - CVE-2017-8386: Fix git-shell not to escape with the starting dash name bsc1038395 - Fix for potential segv introduced in v2.11.0 and later - Misc fixes and cleanups. - git 2.12.2 : - CLI output fixes - 'Dump http' transport fixes -...
SUSE-SU-2017:1357-1 Security update for git
This update for git fixes the following issues: - git 2.12.3: CVE-2017-8386: Fix git-shell not to escape with the starting dash name bsc1038395 Fix for potential segv introduced in v2.11.0 and later Misc fixes and cleanups. - git 2.12.2: CLI output fixes 'Dump http' transport fixes various fixes...
Arbitrary shell execution
Security Advisory - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrad...
Ubuntu 14.04 LTS / 16.04 LTS : Git vulnerability (USN-3287-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3287-1 advisory. Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an...
Fedora 25 : git (2017-f4319b6dfc)
An issue in git-shell could allow remote users to run an interactive pager. From the update announcement : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' CVE-2017-8386. Th...
USN-3287-1 git vulnerability
Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information...
USN-3287-1: Git vulnerability
Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information...
[SECURITY] Fedora 25 Update: git-2.9.4-1.fc25
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
Fedora Update for git FEDORA-2017-f4319b6dfc
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-3287-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 26 Update: git-2.13.0-1.fc26
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
CVE-2017-8386
A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted...
[ASA-201705-14] git: access restriction bypass
Arch Linux Security Advisory ASA-201705-14 ========================================== Severity: High Date : 2017-05-12 CVE-ID : CVE-2017-8386 Package : git Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-267 Summary ======= The package git before version...
Debian DSA-3848-1 : git - security update
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn 'git upload-pack --help'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DLA-938-1 : git security update
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn 'git upload-pack --help'. For Debian 7 'Wheezy', these problems have been fixed in version 1:1.7.10.4-1+wheezy4. We...
Git Shell Bypass By Abusing Less (CVE-2017-8386)
The git-shell is a restricted shell maintained by the git developers and is meant to be used as the upstream peer in a git remote session over a ssh tunnel. The basic idea behind this shell is to restrict the allowed commands in a ssh session to the ones required by git which are as follows:...
Security fix for the ALT Linux 10 package git version 2.10.3-alt1
May 11, 2017 Dmitry V. Levin 2.10.3-alt1 - 2.10.2 - 2.10.3 fixes: CVE-2017-8386...
Security fix for the ALT Linux 8 package git version 2.10.3-alt1
May 11, 2017 Dmitry V. Levin 2.10.3-alt1 - 2.10.2 - 2.10.3 fixes: CVE-2017-8386...