Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-723-1
HistoryFeb 18, 2009 - 12:00 a.m.

Git vulnerabilities

2009-02-1800:00:00
ubuntu.com
31

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.347 Low

EPSS

Percentile

97.1%

JSON

Releases

  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 6.06

Packages

  • git-core -

Details

It was discovered that Git did not properly handle long file paths. If a user
were tricked into performing commands on a specially crafted Git repository, an
attacker could possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-3546)

It was discovered that the Git web interface (gitweb) did not correctly handle
shell metacharacters when processing certain commands. A remote attacker could
send specially crafted commands to the Git server and execute arbitrary code
with the privileges of the Git web server. This issue only applied to Ubuntu
7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517)

It was discovered that the Git web interface (gitweb) did not properly restrict
the diff.external configuration parameter. A local attacker could exploit this
issue and execute arbitrary code with the privileges of the Git web server.
This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchgit-core< 1:1.5.6.3-1.1ubuntu2.1UNKNOWN
Ubuntu8.10noarchgitweb< 1:1.5.6.3-1.1ubuntu2.1UNKNOWN
Ubuntu8.04noarchgit-core< 1:1.5.4.3-1ubuntu2.1UNKNOWN
Ubuntu8.04noarchgitweb< 1:1.5.4.3-1ubuntu2.1UNKNOWN
Ubuntu7.10noarchgit-core< 1:1.5.2.5-2ubuntu0.1UNKNOWN
Ubuntu7.10noarchgitweb< 1:1.5.2.5-2ubuntu0.1UNKNOWN
Ubuntu6.06noarchgit-core< 1.1.3-1ubuntu1.1UNKNOWN

Related

nessus 14
openvas 27
gentoo 2
osv 2
slackware 1
debian 3
seebug 2
redhatcve 4
packetstorm 1
exploitpack 1
exploitdb 1
prion 4
ubuntucve 4
cve 4
fedora 1
securityvulns 2
nessus
nessus
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)
2009-04-23 00:00:00
GLSA-200903-15 : git: Multiple vulnerabilities
2009-03-10 00:00:00
Debian DSA-1708-1 : git-core - shell command injection
2009-01-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-723-1)
2009-06-05 00:00:00
Gentoo Security Advisory GLSA 200903-15 (git)
2009-03-13 00:00:00
Debian: Security Advisory (DSA-1708-1)
2009-01-20 00:00:00
gentoo
gentoo
git: Multiple vulnerabilties
2009-03-09 00:00:00
Git: User-assisted execution of arbitrary code
2008-09-25 00:00:00
osv
osv
git-core - remote code execution
2009-01-19 00:00:00
git-core - buffer overflow
2008-09-15 00:00:00
slackware
slackware
git
2009-02-20 17:06:57
debian
debian
[SECURITY] [DSA 1708-1] New Git packages fix remote code execution
2009-01-19 20:53:42
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow
2008-09-15 07:38:47
[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow
2008-09-15 07:38:47
seebug
seebug
gitWeb v1.5.2 Remote Command Execution
2010-02-19 00:00:00
gitWeb 1.5.2 - Remote Command Execution
2014-07-01 00:00:00
redhatcve
redhatcve
CVE-2008-5516
2019-10-04 20:54:58
CVE-2008-5517
2019-10-04 20:55:05
CVE-2008-5916
2019-10-04 20:57:39
packetstorm
packetstorm
gitWeb 1.x Remote Command Execution
2010-02-19 00:00:00
exploitpack
exploitpack
gitWeb 1.5.2 - Remote Command Execution
2010-02-18 00:00:00
exploitdb
exploitdb
gitWeb 1.5.2 - Remote Command Execution
2010-02-18 00:00:00
prion
prion
Design/Logic Flaw
2009-01-21 02:30:00
Design/Logic Flaw
2009-01-20 16:30:00
Design/Logic Flaw
2009-01-13 17:00:00
ubuntucve
ubuntucve
CVE-2008-5916
2009-01-21 00:00:00
CVE-2008-5516
2009-01-20 00:00:00
CVE-2008-5517
2009-01-13 00:00:00
cve
cve
CVE-2008-5916
2009-01-21 02:30:00
CVE-2008-5516
2009-01-20 16:30:00
CVE-2008-5517
2009-01-13 17:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: git-1.5.6.5-1.fc9
2008-10-23 16:40:34
securityvulns
securityvulns
git buffer overflow
2008-08-15 00:00:00
rPSA-2008-0253-1 git gitweb
2008-08-15 00:00:00

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.347 Low

EPSS

Percentile

97.1%

JSON
Related for USN-723-1
nessus14openvas27gentoo2osv2slackware1debian3seebug2redhatcve4packetstorm1exploitpack1exploitdb1prion4ubuntucve4cve4fedora1securityvulns2