exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2014-9390

Status Candidate

Overview

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

Related Files

Gentoo Linux Security Advisory 201612-19
Posted Dec 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-19 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 3.8.4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9390, CVE-2014-9462, CVE-2016-3068, CVE-2016-3069, CVE-2016-3105, CVE-2016-3630
SHA-256 | 47c379d973e4969784c5bccded8e80c7573e79b6ec6f68d82c36130813ba786e
Gentoo Linux Security Advisory 201509-06
Posted Sep 25, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201509-6 - An attacker could execute arbitrary commands via Git repositories in a case-insensitive or case-normalizing filesystem. Versions less than 2.0.5 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2014-9390
SHA-256 | f5c875abddf16229107d11e985b0b6283b6e21ef181d91bc716e8c756b6d3cba
Mandriva Linux Security Advisory 2015-169
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-169 - It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the.git/config file when the client performed a git pull. Because git permitted committing.Git/config , on the pull this would replace the user's.git/config. If this malicious config file contained defined external commands (such as for invoking and editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9390
SHA-256 | 3d2e5be41e9078bea5ab6f6cc66bb8d225c3913892ae0f3c43bfd3fb44ff1607
Apple Security Advisory 2015-03-09-4
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-4 - Xcode 6.2 is now available and addresses spoofing and validation checking issues.

tags | advisory, spoof
systems | apple
advisories | CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108, CVE-2014-9390
SHA-256 | 4a50eb3c136fe092fc8abd8396cccba8eb128f4a15cfe7c70ec4f0d941b01848
Ubuntu Security Notice USN-2470-1
Posted Jan 14, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2470-1 - Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9390
SHA-256 | 85b950ee8227de6144153e9f9d7593a621bb882118bc9fc9f52fbfc82a0d2838
Malicious Git And Mercurial HTTP Server For CVE-2014-9390
Posted Jan 2, 2015
Authored by Jon Hart | Site metasploit.com

This Metasploit module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2014-9390
SHA-256 | 36d1712be284842da277dc56d61894ebadaefded1087a47ec4a5fe7a5c521ad3
Apple Security Advisory 2014-12-18-1
Posted Dec 20, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-12-18-1 - Xcode 6.2 beta 3 is now available and addresses a unicode issue that can be leveraged by a malicious git repository.

tags | advisory
systems | apple
advisories | CVE-2014-9390
SHA-256 | f61fd9d0d48bd3edc62fd01719a27d1689aae89d9c6537e9356ca5a7b525aa5c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close