Showing 1 - 3 of 3

CVE-2022-29187

Status Candidate

Overview

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

Related Files

Debian Security Advisory 5332-1: Posted Jan 30, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.; tags | advisory, remote, arbitrary, shell, local, code execution; systems | linux, debian; advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903; SHA-256 | da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641d; Download | Favorite | View

Apple Security Advisory 2022-11-01-1: Posted Nov 8, 2022; Authored by Apple | Site apple.com; Apple Security Advisory 2022-11-01-1 - Xcode 14.1 addresses code execution vulnerabilities.; tags | advisory, vulnerability, code execution; systems | apple; advisories | CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-42797; SHA-256 | 283ad9d8171efece3850247f493b6534fc49e5c0a1da52d7fc3564099bd20c39; Download | Favorite | View

Ubuntu Security Notice USN-5511-1: Posted Jul 14, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2022-24765, CVE-2022-29187; SHA-256 | 2187042902f29974eefb77be62b823733a9b3d98380581f7bb2aa7ceb8e00186; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 180 files
Ubuntu 78 files
indoushka 48 files
Debian 29 files
CraCkEr 29 files
Google Security Research 12 files
Apple 9 files
Gentoo 9 files
nu11secur1ty 5 files
Jann Horn 4 files

File Archives

Systems

AIX (426)
Apple (1,945)
BSD (370)
CentOS (55)
Cisco (1,917)
Debian (6,673)
Fedora (1,690)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (337)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (44,655)
Mac OS X (684)
Mandriva (3,105)
NetBSD (255)
OpenBSD (480)
RedHat (12,657)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,287)
UNIX (9,188)
UnixWare (185)
Windows (6,520)
Other

CVE-2022-29187

Overview

Related Files

File Archive:

February 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems