Twenty Year Anniversary
Showing 1 - 8 of 8 RSS Feed

CVE-2018-11235

Status Candidate

Overview

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

Related Files

Sourcetree Remote Code Execution
Posted Jul 24, 2018
Authored by Etienne Stalmans, Terry Zhang | Site atlassian.com

Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected.

tags | advisory, remote, vulnerability, code execution
systems | windows
advisories | CVE-2018-11235, CVE-2018-13385, CVE-2018-13386
MD5 | ffd1af7b7aad2d8c118a349c62b11a04
Red Hat Security Advisory 2018-2147-01
Posted Jul 10, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2147-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | 80b7472fdd90cb13f8d09f58c85a791e
Red Hat Security Advisory 2018-1957-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1957-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-11235
MD5 | 03093ce363c16c56dca16dd051bcd79d
Apple Security Advisory 2018-06-13-01
Posted Jun 15, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | ffe9f4622f84c7332012056b2dc02b44
Ubuntu Security Notice USN-3671-1
Posted Jun 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3671-1 - Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | 25303632420b77046f5c6aa93da590ef
Slackware Security Advisory - git Updates
Posted Jun 1, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | 7b315afe9708585af515d0dface977dc
Git Remote Code Execution
Posted Jun 1, 2018
Authored by Jameel Nabbo

Git versions prior to 2.17.1 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-11235
MD5 | e695985eb1d045c6e63efc8b6523d8fa
Gentoo Linux Security Advisory 201805-13
Posted May 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-13 - Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code. Versions less than 2.16.4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-11233, CVE-2018-11235
MD5 | c16058d1bd385b6710dea5be60516fa8
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close