Univention Bugzilla – Bug 37396
git: Multiple issues (4.1)
Last modified: 2019-04-11 19:25:19 CEST
+++ This bug was initially created as a clone of Bug #37395 +++ If git is used on a filesystem that is case-insensitive (i.e. NFTS, VFAT or HFS) and if the user is tricked into cloning or accessing a malformed repository, this could lead to an attacker overwriting the .git/config file, resulting in the execution of arbitrary commands (CVE-2014-9390) Such filesystems are uncommon in UCS, so low impact.
* "int" is the wrong data type for ... nlen assignment (CVE-2016-2315) * integer overflow due to a loop which adds more to "len" (CVE-2016-2324)
Upstream Debian package version 1:1.7.10.4-1+wheezy2 fixes this issue: * arbitrary code execution issues via URLs (CVE-2015-7545)
Upstream Debian package version 1:1.7.10.4-1+wheezy3 fixes this issue: * Fix remote code execution via buffer overflows (CVE-2016-2315, CVE-2016-2324)
Upstream Debian package version 1:1.7.10.4-1+wheezy4 fixes this issue: * Escape out of git-shell (CVE-2017-8386)
Upstream Debian package version 1:1.7.10.4-1+wheezy5 fixes: * Command injection via malicious ssh URLs (CVE-2017-1000117)
1:1.7.10.4-1+wheezy6 fixes: * the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has not been configured (however, the git-cvs package needs to be installed) (CVE-2017-14867)
This issue has been filed against UCS 4.1. UCS 4.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.