Secunia Security Advisory - Some weaknesses have been reported in gitolite, which can be exploited by malicious users to bypass certain security restrictions.
----------------------------------------------------------------------
Proof-of-Concept (PoC) and Extended Analysis available for customers.
Get a free trial, contact sales@secunia.com
----------------------------------------------------------------------
TITLE:
gitolite Security Bypass Weaknesses
SECUNIA ADVISORY ID:
SA39587
VERIFY ADVISORY:
http://secunia.com/advisories/39587/
DESCRIPTION:
Some weaknesses have been reported in gitolite, which can be
exploited by malicious users to bypass certain security
restrictions.
1) Certain actions are not properly restricted, which can be
exploited by malicious gitolite administrators to e.g. gain shell
access.
2) The file names of public keys are not properly sanitised, which
can be exploited to inject and execute shell commands via specially
named key files.
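Weakness #2 is a classic case of an untrusted file name reaching a shell. The following added example (not gitolite's code, and not the fix referenced below) shows how an administrator can audit a gitolite-admin keydir for names that would be dangerous to interpolate into a command line, and how to invoke a helper on a key file as an argv list so the name is never parsed by a shell. The allowlist regex, the sample names and the use of `ssh-keygen -l` as the consuming command are assumptions.

```python
"""Audit a gitolite-admin keydir for public-key file names that would be
unsafe to interpolate into a shell command (added example, not gitolite code)."""
import re
import subprocess
from pathlib import Path
from typing import Iterable, Union

# Assumed allowlist: a user name of letters, digits, '.', '_' and '-',
# optionally followed by '@' and a host tag, then the '.pub' suffix.
# This is a constructed rule for the example, not gitolite's own filter.
SAFE_KEY_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(@[A-Za-z0-9._-]+)?\.pub$")

def is_safe_key_filename(name: str) -> bool:
    """True only for names with no shell metacharacters, whitespace or
    path separators that end in '.pub'."""
    return SAFE_KEY_NAME.fullmatch(name) is not None

def audit_key_names(names: Iterable[str]) -> list[str]:
    """Return the subset of names that fail the allowlist, sorted."""
    return sorted(n for n in names if not is_safe_key_filename(n))

def audit_keydir(keydir: Path) -> list[str]:
    """Walk a real keydir recursively and report offending file names."""
    return audit_key_names(p.name for p in keydir.rglob("*") if p.is_file())

def fingerprint_argv(path: Union[str, Path]) -> list[str]:
    """Build the ssh-keygen call as an argv list: with no shell involved the
    file name is one argument and can never be parsed as a command."""
    return ["ssh-keygen", "-l", "-f", str(path)]

def fingerprint(path: Union[str, Path]) -> str:
    """Refuse unsafe names outright, then run the helper without shell=True."""
    path = Path(path)
    if not is_safe_key_filename(path.name):
        raise ValueError(f"refusing unsafe key file name: {path.name!r}")
    out = subprocess.run(fingerprint_argv(path), capture_output=True,
                         text=True, check=True)
    return out.stdout.strip()

if __name__ == "__main__":
    # Constructed sample names: the last four would be interpreted by a
    # shell if the name were pasted into a command string.
    sample = ["alice.pub", "bob@laptop.pub", "eve;id.pub",
              "mallory$(id).pub", "carol dave.pub", "../outside.pub"]
    for bad in audit_key_names(sample):
        print("unsafe key file name:", bad)
```

Run it against a checkout of the gitolite-admin repository with `audit_keydir(Path("keydir"))`; any name it reports should be renamed before the key is pushed.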
SOLUTION:
Update to version 1.4.1 or later.
NOTE: Weakness #2 is also fixed in version 1.4.0. If you are updating
from e.g. version 1.4.0 and renamed or deleted a public key file,
follow the instructions listed in commit
1e06fea3b6959faeb72d8dca46cd4753ada48637.
http://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637
PROVIDED AND/OR DISCOVERED BY:
1) Eli Barzilay and teukka.
2) Reported by the vendor.
ORIGINAL ADVISORY:
1)
http://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637
http://github.com/sitaramc/gitolite/commit/5fd9328c1cd1e7c576b6530b3253061c68b159aa
2)
http://github.com/sitaramc/gitolite/commit/5deffee3cff5f9a13c59b8c1e357c5a32487d1c3
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------