exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2018-11235

Status Candidate

Overview

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

Related Files

Sourcetree Remote Code Execution
Posted Jul 24, 2018
Authored by Etienne Stalmans, Terry Zhang | Site atlassian.com

Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected.

tags | advisory, remote, vulnerability, code execution
systems | windows
advisories | CVE-2018-11235, CVE-2018-13385, CVE-2018-13386
MD5 | ffd1af7b7aad2d8c118a349c62b11a04
Red Hat Security Advisory 2018-2147-01
Posted Jul 10, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2147-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | 80b7472fdd90cb13f8d09f58c85a791e
Red Hat Security Advisory 2018-1957-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1957-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-11235
MD5 | 03093ce363c16c56dca16dd051bcd79d
Apple Security Advisory 2018-06-13-01
Posted Jun 15, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | ffe9f4622f84c7332012056b2dc02b44
Ubuntu Security Notice USN-3671-1
Posted Jun 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3671-1 - Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | 25303632420b77046f5c6aa93da590ef
Slackware Security Advisory - git Updates
Posted Jun 1, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | 7b315afe9708585af515d0dface977dc
Git Remote Code Execution
Posted Jun 1, 2018
Authored by Jameel Nabbo

Git versions prior to 2.17.1 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-11235
MD5 | e695985eb1d045c6e63efc8b6523d8fa
Gentoo Linux Security Advisory 201805-13
Posted May 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-13 - Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code. Versions less than 2.16.4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | c16058d1bd385b6710dea5be60516fa8
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    31 Files
  • 15
    Feb 15th
    10 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close