The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'gitweb.cgi' script of shell metacharacters before passing it to a shell.

An unauthenticated, remote attacker can leverage this issue to execute arbitrary commands subject to the privileges under which the web server operates.

It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-3546)

It was discovered that the Git web interface (gitweb) did not correctly handle shell metacharacters when processing certain commands. A remote attacker could send specially crafted commands to the Git server and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-5516, CVE-2008-5517)

It was discovered that the Git web interface (gitweb) did not properly restrict the diff.external configuration parameter. A local attacker could exploit this issue and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200903-15 (git: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in gitweb that is part of     the git package:
    Shell metacharacters related to git_search are not properly sanitized     (CVE-2008-5516).
    Shell metacharacters related to git_snapshot and git_object are not     properly sanitized (CVE-2008-5517).
    The diff.external configuration variable as set in a repository can be     executed by gitweb (CVE-2008-5916).
  Impact :

    A remote unauthenticated attacker can execute arbitrary commands via     shell metacharacters in a query, remote attackers with write access to     a git repository configuration can execute arbitrary commands with the     privileges of the user running gitweb by modifying the diff.external     configuration variable in the repository and sending a crafted query to     gitweb.
  Workaround :

    There is no known workaround at this time.

New git packages are available for Slackware 12.0, 12.1, 12.2, and
-current to fix security issues.

It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities :

Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality (CVE-2008-5916 ).

Local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server (CVE-2008-5516, CVE-2008-5517 ).

Insufficient quoting of shell characters allowed remote attackers to execute arbitrary commands via the git web interface (CVE-2008-5517)

ID	Name	Product	Family	Severity
44675	GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution	Nessus	CGI abuses	high
36720	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)	Nessus	Ubuntu Local Security Checks	high
35813	GLSA-200903-15 : git: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
35728	Slackware 12.0 / 12.1 / 12.2 / current : git (SSA:2009-051-02)	Nessus	Slackware Local Security Checks	high
35425	Debian DSA-1708-1 : git-core - shell command injection	Nessus	Debian Local Security Checks	high
35330	openSUSE 10 Security Update : git (git-5892)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2008-5517

critical

Tenable Plugins

high

high

high

high

high

high