ID CVE-2018-11233
Summary In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • git-scm git 2.13.6
    cpe:2.3:a:git-scm:git:2.13.6
  • git-scm git 2.14.0
    cpe:2.3:a:git-scm:git:2.14.0
  • git-scm git 2.14.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.14.0:rc0
  • git-scm git 2.14.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.14.0:rc1
  • git-scm git 2.14.1
    cpe:2.3:a:git-scm:git:2.14.1
  • git-scm git 2.14.2
    cpe:2.3:a:git-scm:git:2.14.2
  • git-scm git 2.15.0
    cpe:2.3:a:git-scm:git:2.15.0
  • git-scm git 2.15.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.15.0:rc0
  • git-scm git 2.15.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.15.0:rc1
  • git-scm git 2.17.0
    cpe:2.3:a:git-scm:git:2.17.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C7A135F466A411E89E633085A9A47796.NASL
    description The Git community reports : - In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. - In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110304
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110304
    title FreeBSD : Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) (c7a135f4-66a4-11e8-9e63-3085a9a47796)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-557.NASL
    description This update for fixes the following security issues : - path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233, boo#1095218) - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235, boo#1095219)
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110335
    published 2018-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110335
    title openSUSE Security Update : git (openSUSE-2018-557)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1035.NASL
    description In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. (CVE-2018-11233) In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (CVE-2018-11235)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110458
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110458
    title Amazon Linux AMI : git (ALAS-2018-1035)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1872-1.NASL
    description This update for git to version 2.16.4 fixes several issues. These security issues were fixed : - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120026
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120026
    title SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:1872-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1566-2.NASL
    description This update for git fixes several issues. These security issues were fixed : CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118260
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118260
    title SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3671-1.NASL
    description Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when 'git clone --recurse-submodules' is used. (CVE-2018-11235) It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110395
    published 2018-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110395
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : git vulnerabilities (USN-3671-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0053_GIT.NASL
    description An update of the git package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121953
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121953
    title Photon OS 2.0: Git PHSA-2018-2.0-0053
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0145_GIT.NASL
    description An update of the git package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121844
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121844
    title Photon OS 1.0: Git PHSA-2018-1.0-0145
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-152-01.NASL
    description New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110308
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110308
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2018-152-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1566-1.NASL
    description This update for git fixes several issues. These security issues were fixed : - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110411
    published 2018-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110411
    title SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-1)
  • NASL family Windows
    NASL id GIT_FOR_WINDOWS_2_17_1.NASL
    description The version of Git for Windows installed on the remote host is 2.13.x prior to 2.13.7, 2.14.x prior to 2.14.4, 2.15.x prior to 2.15.2, 2.16.x prior to 2.16.4 or 2.17.x prior to 2.17.1. It is, therefore, affected by a remote code execution vulnerability.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 110270
    published 2018-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110270
    title Git for Windows 2.13.x < 2.13.7 / 2.14.x < 2.14.4 / 2.15.x < 2.15.2 / 2.16.x < 2.16.4 / 2.17.x < 2.17.1 Remote Code Execution
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-75F7624A9F.NASL
    description Upstream security fixes related to .gitmodules handling. From the [upstream announcement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/) : ``` - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). ``` A preliminary patch to resolve an issue with zlib on aarch64 is also included (RHBZ#1582555). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120535
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120535
    title Fedora 28 : git (2018-75f7624a9f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-080A3D7866.NASL
    description Upstream security fixes related to .gitmodules handling. From the [upstream announcement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/) : ``` - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). ``` Also fix a segfault in rev-parse with invalid input (#1581678) and install contrib/diff-highlight (#1550251). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110299
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110299
    title Fedora 27 : git (2018-080a3d7866)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201805-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201805-13 (Git: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could execute arbitrary code on both client and server. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110212
    published 2018-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110212
    title GLSA-201805-13 : Git: Multiple vulnerabilities
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0145.NASL
    description An update of git packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111273
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111273
    title Photon OS update (deprecated)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0053.NASL
    description An update of git packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111307
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111307
    title Photon OS 2.0 : git (PhotonOS-PHSA-2018-2.0-0053) (deprecated)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1035.NASL
    description In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. (CVE-2018-11233) In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (CVE-2018-11235)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110452
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110452
    title Amazon Linux 2 : git (ALAS-2018-1035)
redhat via4
advisories
rhsa
id RHSA-2018:2147
refmap via4
bid 104346
gentoo GLSA-201805-13
misc https://marc.info/?l=git&m=152761328506724&w=2
sectrack 1040991
ubuntu USN-3671-1
Last major update 30-05-2018 - 00:29
Published 30-05-2018 - 00:29
Last modified 29-03-2019 - 10:46