121 matches found
Arbitrary Shell Command Execution
Git-fastclone has a flaw that permits execution of arbitrary shell commands from .gitmodules. Attackers can trigger the execution by instructing a user to run a recursive clone from a repository they control. The attack is possible only if a user configures Git to automatically clone submodules...
Fedora 28 : git (2018-75f7624a9f)
Upstream security fixes related to .gitmodules handling. From the upstream announcement : - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GITDIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. ...
SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:2469-1)
This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...
SUSE SLES12 Security Update : git (SUSE-SU-2018:4088-1)
This update for git fixes the following issue : CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949) Note that Tenable Network Security has extracted the...
EulerOS 2.0 SP3 : git (EulerOS-SA-2018-1388)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - git: arbitrary code execution via .gitmodules (CVE-2018-17456) Note that Tenable Network Security has extracted the preceding description block directly...
Scientific Linux Security Update : git on SL7.x x86_64 (20181031)
Security Fixes : - git: arbitrary code execution via .gitmodules (CVE-2018-17456) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
git security update
1.8.3.1-20 - Fix CVE-2018-17456: arbitrary code execution via .gitmodules Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Important: git
Issue Overview: Git before 2.14.5, allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (CVE-2018-17456) Affected Packages: git. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...
Fedora 27 : git (2018-d5139c4fd6)
Upstream security update resolving an issue with git clone --recurse-submodules. From the upstream release announcement : These releases fix a security flaw (CVE-2018-17456), which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with...
Amazon Linux AMI : git (ALAS-2018-1093)
Git before 2.14.5, allows remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (CVE-2018-17456) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution (CVE-2018-17456). I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR: Here is a PoC repository. EDB Note: Mirror...
SUSE-SU-2018:3150-1 Security update for git
This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949)...
openSUSE Security Update : git (openSUSE-2018-1147)
This update for git fixes the following issues : - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949) (C) Tenable Network Security, Inc...
MGASA-2018-0395 Updated git packages fix security vulnerability
joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules (CVE-2018-17456)...
Updated git packages fix security vulnerability
joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules (CVE-2018-17456)...
Git Submodule - Arbitrary Code Execution Vulnerability
Exploit for linux platform in category local exploits. These releases fix a security flaw (CVE-2018-17456), which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git...
Debian DSA-4311-1 : git - security update
joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules. (C) Tenable Network Security, Inc. The descriptive text an...
Git Submodule Arbitrary Code Execution
These releases fix a security flaw (CVE-2018-17456), which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field an...
ALPINE-CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character...