NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2019-0027)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by a vulnerability: - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafte...

Atlassian SourceTree 1.2 < 3.1.1 Multiple remote code execution vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is version 1.2 prior to 3.1.1. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker can...

Security update for obs-service-tar_scm (important)

openSUSE Security Update: Security update for obs-service-tarscm Announcement ID: openSUSE-SU-2019:0329-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Backports SLE-15 An update tha...

Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...

openSUSE: Security Advisory for obs-service-tar_scm (openSUSE-SU-2019:0326-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of the distributed Git version control system, related to errors in the processing of specially crafted submodule names, allows a hacker to execute arbitrary code.

The vulnerability of the distributed Git version control system is related to errors in the processing of specially crafted module names in the .gitmodules file. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

openSUSE Security Update : libgit2 (openSUSE-2018-1517)

This update for libgit2 fixes the following issues : Security issue fixed : - CVE-2018-17456: Submodule URLs and paths with a leading '-' are now ignored to avoid injecting options into library consumers that perform recursive clones bsc1110949. Non-security issues fixed : - Version update to...

Malicious Git HTTP Server For CVE-2018-17456

This module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule url which starts with a dash e.g "-u./payload" is passed as an argument to git clone, the file "payload" inside the repository is executed. This module...

Git Submodule Arbitrary Code Execution

CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45631.zip Exploitation The...

Git Submodule - Arbitrary Code Execution

CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/45631.zip Exploitation The...

Git Submodule - Arbitrary Code Execution

Git Submodule - Arbitrary Code Execution CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror...

MGASA-2018-0395 Updated git packages fix security vulnerability

joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...

Updated git packages fix security vulnerability

joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules CVE-2018-17456...

USN-3791-1: Git vulnerability

It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used...

USN-3791-1 git vulnerability

It was discovered that git did not properly validate git submodule urls or paths. A remote attacker could possibly use this to craft a git repository that causes arbitrary code execution when recursive operations are used...

Ubuntu: Security Advisory (USN-3791-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Git Submodule - Arbitrary Code Execution Vulnerability

Exploit for linux platform in category local exploits These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git...

Git Submodule Arbitrary Code Execution Vulnerability

Git is an open source distributed version control system A security vulnerability in the handling of the '-' character in the Git Submodule allows remote attackers to exploit the vulnerability by submitting a special request that can execute arbitrary code...

Git Submodule Arbitrary Code Execution

These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field an...

Git Submodule - Arbitrary Code Execution (PoC)

These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field an...