Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: git
From: Greg Brockman <gdb () MIT EDU>
Date: Wed, 21 Jul 2010 23:17:01 -0400

A fix for an exploitable buffer overrun was committed to git in [1].
In particular, if an attacker were to create a crafted working copy
where the user runs any git command, the attacker could force
execution of arbitrary code.

This attack should be mitigated to a denial of service if git is
compiled with appropriate stack-protecting flags.

This buffer overrun was introduced in [2], which first appeared in
v1.5.6, and is fixed in v1.7.2.


[1] http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc
[2] http://git.kernel.org/?p=git/git.git;a=commit;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]