Debian DSA-1777-1 : git-core - file permission error

high Nessus Plugin ID 36208

Synopsis

The remote Debian host is missing a security-related update.

Description

Peter Palfrader discovered that in the Git revision control system, on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the local system to write to these files and possibly escalate their privileges.

This issue only affects the DEC Alpha and MIPS (big and little endian) architectures.

Solution

Upgrade the git-core package.

For the old stable distribution (etch), this problem has been fixed in version 1.4.4.4-4+etch2.

For the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516669

https://www.debian.org/security/2009/dsa-1777

Plugin Details

Severity: High

ID: 36208

File Name: debian_DSA-1777.nasl

Version: 1.10

Type: local

Agent: unix

Published: 4/22/2009

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:git-core, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 4/21/2009

Reference Information

DSA: 1777