Detections
Analytics
openSUSE Security Update : libgit2 (openSUSE-2015-288)
critical Nessus Plugin ID 82634
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
libgit2 was updated to fix an arbitrary command execution vulnerability on case-insentitive file systems.The following vulnerability was fixed :
- When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands (boo#925040, CVE-2014-9390).
The configuration is uncommon as all default file systems on openSUSE are case sensitive.
Additionally, on openSUSE 13.2 libgit2 was updated to version 0.21.5 to backport further critical fixes.
Solution
Update the affected libgit2 packages.See Also
Plugin Details
Severity: Critical
ID: 82634
File Name: openSUSE-2015-288.nasl
Version: 1.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 4/8/2015
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:libgit2-0, p-cpe:/a:novell:opensuse:libgit2-0-debuginfo, p-cpe:/a:novell:opensuse:libgit2-21, p-cpe:/a:novell:opensuse:libgit2-21-debuginfo, p-cpe:/a:novell:opensuse:libgit2-debugsource, p-cpe:/a:novell:opensuse:libgit2-devel, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2
Required KB Items: Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu, Host/local_checks_enabled
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/31/2015
Vulnerability Publication Date: 2/12/2020
Exploitable With
Core Impact
Metasploit (Malicious Git and Mercurial HTTP Server For CVE-2014-9390)
Reference Information
CVE: CVE-2014-9390