GLSA-201509-06 : Git: Arbitrary command execution

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201509-06
(Git: Arbitrary command execution)

A vulnerability in Git causes Git-compatible clients that access
case-insensitive or case-normalizing filesystems to overwrite
.git/config when cloning or checking out a repository, leading to
execution of arbitrary commands.

Impact :

An attacker can execute arbitrary commands on a client machine that
clones a crafted malicious Git tree.
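
The overwrite described above depends on a tracked path whose component matches ".git" once case is ignored. The following audit is an added example, not part of the advisory or the Nessus plugin: it reads tree paths on stdin and prints those that would resolve into the .git directory on a case-insensitive filesystem. The function names and sample paths are constructed for illustration, and only ASCII case folding is checked (the case-normalizing variant is not covered).

```shell
#!/bin/sh
# Added example: audit a list of tree paths before checkout.
# Input: one path per line on stdin, e.g. the output of
#   git ls-tree -r --name-only <commit>
# Output: every path with a component equal to ".git" ignoring ASCII case.
# Limitation (assumption): paths containing newlines or quoted by git
# are not handled; Unicode normalization tricks are not checked.

flag_dotgit_paths() {
    awk -F/ '
    {
        # Inspect each path component, not the whole string, so that
        # ".gitignore" and ".github" are not reported.
        for (i = 1; i <= NF; i++) {
            if (tolower($i) == ".git") {
                print
                next
            }
        }
    }'
}

# Constructed sample listing (not taken from a real repository).
sample_paths() {
    cat <<'EOF'
README.md
src/main.c
.GIT/config
docs/.Git/hooks/post-checkout
.gitignore
.github/workflows/ci.yml
EOF
}

# Run the audit over the constructed sample.
audit_sample() {
    sample_paths | flag_dotgit_paths
}

audit_sample
```

Any path reported by flag_dotgit_paths is a reason to stop and inspect the repository from a patched client before checking it out.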

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201509-06

Solution :

All Git 1.8.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=dev-vcs/git-1.8.5.6'

All Git 1.9.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=dev-vcs/git-1.9.5'

All Git 2.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.0.5'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 86137

Bugtraq ID:

CVE ID: CVE-2014-9390
