ID CVE-2018-11235
Summary In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • git-scm git 2.13.6
    cpe:2.3:a:git-scm:git:2.13.6
  • git-scm git 2.14.0
    cpe:2.3:a:git-scm:git:2.14.0
  • git-scm git 2.14.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.14.0:rc0
  • git-scm git 2.14.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.14.0:rc1
  • git-scm git 2.14.1
    cpe:2.3:a:git-scm:git:2.14.1
  • git-scm git 2.14.2
    cpe:2.3:a:git-scm:git:2.14.2
  • git-scm git 2.15.0
    cpe:2.3:a:git-scm:git:2.15.0
  • git-scm git 2.15.0 Release Candidate 0
    cpe:2.3:a:git-scm:git:2.15.0:rc0
  • git-scm git 2.15.0 Release Candidate 1
    cpe:2.3:a:git-scm:git:2.15.0:rc1
  • git-scm git 2.17.0
    cpe:2.3:a:git-scm:git:2.17.0
  • gitforwindows git 2.17.1
    cpe:2.3:a:gitforwindows:git:2.17.1
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-254
CAPEC
exploit-db via4
  • description Git < 2.17.1 - Remote Code Execution. CVE-2018-11235. Remote exploit for Linux platform
    id EDB-ID:44822
    last seen 2018-06-01
    modified 2018-06-01
    published 2018-06-01
    reporter Exploit-DB
    source https://www.exploit-db.com/download/44822/
    title Git < 2.17.1 - Remote Code Execution
  • description Git Submodule - Arbitrary Code Execution. CVE-2018-17456. Local exploit for Linux platform
    file exploits/linux/local/45631.md
    id EDB-ID:45631
    last seen 2018-11-27
    modified 2018-10-16
    platform linux
    port
    published 2018-10-16
    reporter Exploit-DB
    source https://old.exploit-db.com/download/45631/
    title Git Submodule - Arbitrary Code Execution
    type local
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1314.NASL
    description This update for libgit2 fixes the following issues : - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes (bsc#1085256). - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (bsc#1095219) - CVE-2018-10887: It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may have led to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker could have used this flaw to leak memory addresses or cause a Denial of Service. (bsc#1100613) - CVE-2018-10888: A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. (bsc#1100612) - CVE-2018-15501: A remote attacker can send a crafted smart-protocol 'ng' packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. (bsc#1104641) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 118486
    published 2018-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118486
    title openSUSE Security Update : libgit2 (openSUSE-2018-1314)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-922.NASL
    description This update for libgit2 to version 0.26.5 fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause denial of service (DoS) (bsc#1100613). - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file, which could be exploited by an attacker to cause a denial of service (DoS) (bsc#1100612). - CVE-2018-11235: Fixed a remote code execution, which could occur with a crafted .gitmodules file (bsc#1095219) - CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol 'ng' packets (bsc#1104641) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-09-07
    plugin id 112139
    published 2018-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112139
    title openSUSE Security Update : libgit2 (openSUSE-2018-922)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-B10E54263A.NASL
    description Update to 0.26.4 (CVE-2018-11235) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120715
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120715
    title Fedora 28 : libgit2 (2018-b10e54263a)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2469-1.NASL
    description This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause denial of service (DoS) (bsc#1100613). - CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file, which could be exploited by an attacker to cause a denial of service (DoS) (bsc#1100612). - CVE-2018-11235: Fixed a remote code execution, which could occur with a crafted .gitmodules file (bsc#1095219) - CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol 'ng' packets (bsc#1104641) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120086
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120086
    title SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:2469-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180620_GIT_ON_SL7_X.NASL
    description Security Fix(es) : - git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 110655
    published 2018-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110655
    title Scientific Linux Security Update : git on SL7.x x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C7A135F466A411E89E633085A9A47796.NASL
    description The Git community reports : - In affected versions of Git, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. - In affected versions of Git, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110304
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110304
    title FreeBSD : Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235) (c7a135f4-66a4-11e8-9e63-3085a9a47796)
  • NASL family MacOS X Local Security Checks
    NASL id ATLASSIAN_SOURCETREE_2_7_6_MACOSX.NASL
    description The version of Atlassian SourceTree installed on the remote host is a version 1.0b2 prior to 2.7.6 on Mac OSX. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-09-11
    plugin id 117405
    published 2018-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117405
    title Atlassian SourceTree 1.0b2 < 2.7.6 Remote Code Execution Vulnerabilities (Mac OSX)
  • NASL family Windows
    NASL id ATLASSIAN_SOURCETREE_2_6_9.NASL
    description The version of Atlassian SourceTree installed on the remote host is a version 0.5.1.0 prior to 2.6.9. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-09-11
    plugin id 117406
    published 2018-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117406
    title Atlassian SourceTree 0.5.1.0 < 2.6.9 Remote Code Execution Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1957.NASL
    description From Red Hat Security Advisory 2018:1957 : An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110629
    published 2018-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110629
    title Oracle Linux 7 : git (ELSA-2018-1957)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1377.NASL
    description According to the versions of the git package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options.(CVE-2017-8386) - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 119068
    published 2018-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119068
    title EulerOS Virtualization 2.5.1 : git (EulerOS-SA-2018-1377)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-557.NASL
    description This update for fixes the following security issues : - path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233, boo#1095218) - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235, boo#1095219)
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110335
    published 2018-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110335
    title openSUSE Security Update : git (openSUSE-2018-557)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1035.NASL
    description In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.(CVE-2018-11233) In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.(CVE-2018-11235)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110458
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110458
    title Amazon Linux AMI : git (ALAS-2018-1035)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1215.NASL
    description According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110879
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110879
    title EulerOS 2.0 SP2 : git (EulerOS-SA-2018-1215)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1872-1.NASL
    description This update for git to version 2.16.4 fixes several issues. These security issues were fixed : - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120026
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120026
    title SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:1872-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1566-2.NASL
    description This update for git fixes several issues. These security issues were fixed : CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118260
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118260
    title SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3671-1.NASL
    description Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when 'git clone --recurse-submodules' is used. (CVE-2018-11235) It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. (CVE-2018-11233). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110395
    published 2018-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110395
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : git vulnerabilities (USN-3671-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-94EB743DAD.NASL
    description Update to 0.26.4 (CVE-2018-11235) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110932
    published 2018-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110932
    title Fedora 27 : libgit2 (2018-94eb743dad)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4212.NASL
    description Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110207
    published 2018-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110207
    title Debian DSA-4212-1 : git - security update
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0053_GIT.NASL
    description An update of the git package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121953
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121953
    title Photon OS 2.0: Git PHSA-2018-2.0-0053
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_5A1589AD68F911E883F5D8CB8ABF62DD.NASL
    description The Git community reports : Insufficient validation of submodule names
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 110579
    published 2018-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110579
    title FreeBSD : Libgit2 -- Fixing insufficient validation of submodule names (5a1589ad-68f9-11e8-83f5-d8cb8abf62dd)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1957.NASL
    description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110663
    published 2018-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110663
    title CentOS 7 : git (CESA-2018:1957)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0145_GIT.NASL
    description An update of the git package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121844
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121844
    title Photon OS 1.0: Git PHSA-2018-1.0-0145
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-152-01.NASL
    description New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110308
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110308
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2018-152-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1566-1.NASL
    description This update for git fixes several issues. These security issues were fixed : - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110411
    published 2018-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110411
    title SUSE SLES12 Security Update : git (SUSE-SU-2018:1566-1)
  • NASL family Windows
    NASL id GIT_FOR_WINDOWS_2_17_1.NASL
    description The version of Git for Windows installed on the remote host is 2.13.x prior to 2.13.7, 2.14.x prior to 2.14.4, 2.15.x prior to 2.15.2, 2.16.x prior to 2.16.4 or 2.17.x prior to 2.17.1. It is, therefore, affected by a remote code execution vulnerability.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 110270
    published 2018-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110270
    title Git for Windows 2.13.x < 2.13.7 / 2.14.x < 2.14.4 / 2.15.x < 2.15.2 / 2.16.x < 2.16.4 / 2.17.x < 2.17.1 Remote Code Execution
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-75F7624A9F.NASL
    description Upstream security fixes related to .gitmodules handling. From the [upstream announcement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/) : ``` - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). ``` A preliminary patch to resolve an issue with zlib on aarch64 is also included (RHBZ#1582555). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120535
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120535
    title Fedora 28 : git (2018-75f7624a9f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-080A3D7866.NASL
    description Upstream security fixes related to .gitmodules handling. From the [upstream announcement](https://public-inbox.org/git/xmqqy3g2flb6.fsf@gitster-ct.c.googlers.com/) : ``` - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). ``` Also fix a segfault in rev-parse with invalid input (#1581678) and install contrib/diff-highlight (#1550251). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110299
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110299
    title Fedora 27 : git (2018-080a3d7866)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1216.NASL
    description According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110880
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110880
    title EulerOS 2.0 SP3 : git (EulerOS-SA-2018-1216)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201805-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201805-13 (Git: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could execute arbitrary code on both client and server. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110212
    published 2018-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110212
    title GLSA-201805-13 : Git: Multiple vulnerabilities
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0145.NASL
    description An update of git packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111273
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111273
    title Photon OS update (deprecated)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1957.NASL
    description An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110632
    published 2018-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110632
    title RHEL 7 : git (RHSA-2018:1957)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0053.NASL
    description An update of git packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111307
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111307
    title Photon OS 2.0 : git (PhotonOS-PHSA-2018-2.0-0053) (deprecated)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1035.NASL
    description In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. (CVE-2018-11233) In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs 'git clone --recurse-submodules' because submodule 'names' are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with '../' in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (CVE-2018-11235)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110452
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110452
    title Amazon Linux 2 : git (ALAS-2018-1035)
packetstorm via4
redhat via4
advisories
  • bugzilla
    id 1583862
    title CVE-2018-11235 git: arbitrary code execution when recursively cloning a malicious repository
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment emacs-git is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957017
        • comment emacs-git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003012
      • AND
        • comment emacs-git-el is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957031
        • comment emacs-git-el is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003024
      • AND
        • comment git is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957005
        • comment git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003006
      • AND
        • comment git-all is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957023
        • comment git-all is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003028
      • AND
        • comment git-bzr is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957019
        • comment git-bzr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561020
      • AND
        • comment git-cvs is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957025
        • comment git-cvs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003014
      • AND
        • comment git-daemon is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957009
        • comment git-daemon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003026
      • AND
        • comment git-email is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957011
        • comment git-email is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003010
      • AND
        • comment git-gui is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957035
        • comment git-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003022
      • AND
        • comment git-hg is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957021
        • comment git-hg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561026
      • AND
        • comment git-p4 is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957027
        • comment git-p4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561036
      • AND
        • comment git-svn is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957007
        • comment git-svn is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003020
      • AND
        • comment gitk is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957015
        • comment gitk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003008
      • AND
        • comment gitweb is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957013
        • comment gitweb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003018
      • AND
        • comment perl-Git is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957033
        • comment perl-Git is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20101003016
      • AND
        • comment perl-Git-SVN is earlier than 0:1.8.3.1-14.el7_5
          oval oval:com.redhat.rhsa:tst:20181957029
        • comment perl-Git-SVN is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152561018
    rhsa
    id RHSA-2018:1957
    released 2018-06-20
    severity Important
    title RHSA-2018:1957: git security update (Important)
  • rhsa
    id RHSA-2018:2147
rpms
  • emacs-git-0:1.8.3.1-14.el7_5
  • emacs-git-el-0:1.8.3.1-14.el7_5
  • git-0:1.8.3.1-14.el7_5
  • git-all-0:1.8.3.1-14.el7_5
  • git-bzr-0:1.8.3.1-14.el7_5
  • git-cvs-0:1.8.3.1-14.el7_5
  • git-daemon-0:1.8.3.1-14.el7_5
  • git-email-0:1.8.3.1-14.el7_5
  • git-gui-0:1.8.3.1-14.el7_5
  • git-hg-0:1.8.3.1-14.el7_5
  • git-p4-0:1.8.3.1-14.el7_5
  • git-svn-0:1.8.3.1-14.el7_5
  • gitk-0:1.8.3.1-14.el7_5
  • gitweb-0:1.8.3.1-14.el7_5
  • perl-Git-0:1.8.3.1-14.el7_5
  • perl-Git-SVN-0:1.8.3.1-14.el7_5
refmap via4
bid 104345
debian DSA-4212
exploit-db 44822
gentoo GLSA-201805-13
misc
sectrack 1040991
ubuntu USN-3671-1
Last major update 30-05-2018 - 00:29
Published 30-05-2018 - 00:29
Last modified 29-03-2019 - 10:46