Code execution bug in malicious repositories resolved by Git Project
Quote: The Git Project has disclosed the existence of a severe vulnerability which can lead to the execution of arbitrary code.

The vulnerability, CVE-2018-17456, was disclosed on Friday. The option-injection attack can be used to compromise the software's submodules. Malicious repositories which are cloned and use a .gitmodules file with a URL field beginning with a '-' character can be used to execute code at the time of processing.

CVE-2018-17456 is similar to CVE-2017-1000117, another option-injection attack which related to the handling of "ssh" URLs in Git software. The latter issue could be used to execute shell commands with the privileges of the user running the Git client when performing a clone action on a malicious repository.

Source: https://www.zdnet.com/article/code-execu...t-project/
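Added example, not part of the quoted article and not the Git project's own code: a small pre-clone audit that reads a `.gitmodules` file and reports submodule values beginning with '-', the condition the article describes. The function names and the sample file are constructed for illustration, and checking `path` as well as `url` goes beyond what the article states.

```python
import re

# Matches a section header such as: [submodule "vendor/lib"]
SECTION_RE = re.compile(r'^\[\s*submodule\s+"((?:[^"\\]|\\.)*)"\s*\]$', re.I)
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')

# Constructed sample input; the second URL is a harmless placeholder.
SAMPLE = '''\
[submodule "docs"]
    path = docs
    url = https://example.com/docs.git
[submodule "vendor/lib"]
    path = vendor/lib
    url = --constructed-option=value
'''

def unquote(value):
    """Trim whitespace and one pair of surrounding double quotes."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return value

def find_option_like_values(text, keys=("url", "path")):
    """Return (line, submodule, key, value) for values that start with '-'."""
    findings, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("["):
            m = SECTION_RE.match(line)
            current = m.group(1) if m else None  # skip non-submodule sections
            continue
        m = KEY_RE.match(line)
        if current is None or not m:
            continue
        key, value = m.group(1).lower(), unquote(m.group(2))
        if key in keys and value.startswith("-"):
            findings.append((lineno, current, key, value))
    return findings

if __name__ == "__main__":
    for lineno, name, key, value in find_option_like_values(SAMPLE):
        print(f".gitmodules:{lineno}: submodule {name!r} has {key} = {value!r}")
```

To inspect the file before any submodule is processed, clone without recursing into submodules and run the check on the checked-out `.gitmodules`.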

