Bug 252208 - dev-util/git < 1.5.4.7, 1.5.5.6, 1.5.6.6, 1.6.0.6 Privilege Escalation
Status: RESOLVED DUPLICATE of bug 251343
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/Advisories/33270/
Whiteboard: B4 [ebuild]
Reported: 2008-12-22 21:08 UTC by Bruno Buss
Modified: 2008-12-23 12:38 UTC
Description Bruno Buss 2008-12-22 21:08:56 UTC
Description:
"A security issue has been reported in GIT, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the "gitweb" implementation improperly verifying repository configuration variables. This can be exploited to execute arbitrary commands with the privileges of the "gitweb" user via a specially crafted "diff.external" configuration variable.


Solution:
Update to version 1.5.4.7, 1.5.5.6, 1.5.6.6, or 1.6.0.6."
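
An added example, not part of the original report or the quoted advisory: a review script that lists every repository under a gitweb project root whose config sets the `diff.external` variable named above, so the entries can be checked before and after upgrading. The `SAMPLE` config and the function names are constructed for illustration, and treating any directory that holds both `HEAD` and `config` as a git directory is an assumption.

```python
import os
import re
import sys

HEADER = re.compile(r'\[\s*([A-Za-z0-9.-]+)(?:\s+"(.*)")?\s*\]')

# Constructed sample of a repository config file (not taken from the report).
SAMPLE = """[core]
    bare = true
[diff "word"]
    command = wdiff
[Diff]
    External = /usr/local/bin/constructed-helper
"""

def find_diff_external(config_text):
    """Return every value assigned to diff.external in git config text."""
    section, hits = None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # section and variable names are case-insensitive in git config
            section = (m.group(1).lower(), m.group(2))
            line = line[m.end():].strip()  # a variable may follow the header
        if not line or line[0] in "#;":
            continue
        key, _, value = line.partition("=")
        # Only the plain [diff] section counts; [diff "name"] is a subsection.
        if section == ("diff", None) and key.strip().lower() == "external":
            hits.append(value.strip().strip('"'))
    return hits

def audit(root):
    """Map each repository config under root to its diff.external values."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if "config" in files and "HEAD" in files:  # assumed git directory layout
            path = os.path.join(dirpath, "config")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_diff_external(fh.read())
            if hits:
                findings[path] = hits
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, values in audit(root).items():
        print(path, values)
```

Run it with the gitweb project root as the only argument; an empty result means no repository-level `diff.external` setting was found.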
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-12-23 10:26:56 UTC

*** This bug has been marked as a duplicate of bug 251343 ***
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-23 12:38:26 UTC
Bruno, this is actually not your fault since the bug was already reported a few days ago and was not public.