Mandriva Linux Security Advisory : git (MDVSA-2015:169)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated git packages fix security vulnerability :

It was reported that git, when used as a client on a case-insensitive
filesystem, could allow the overwrite of the .git/config file when the
client performed a git pull. Because git permitted committing
.Git/config (or any case variation), on the pull this would replace
the user's .git/config. If this malicious config file contained
defined external commands (such as for invoking and editor or an
external diff utility) it could allow for the execution of arbitrary
code with the privileges of the user running the git client
(CVE-2014-9390).

See also :

http://advisories.mageia.org/MGASA-2014-0546.html

Solution :

Update the affected packages.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82422 ()

Bugtraq ID:

CVE ID: CVE-2014-9390

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now