Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3546
Last Modified 07 Mar 2011 10:10:58
Published 07 Aug 2008 05:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3546

Summary

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

Vulnerable Systems

Application

  • Git 1.5.5.3

  • Git 1.5.5.4

  • Git 1.5.6.1

  • Git 1.5.6.2

  • Git 1.5.6.3


References

FEDORA - FEDORA-2008-9080

CONFIRM - https://issues.rpath.com/browse/RPL-2707

XF - git-multiple-bo(44217)

VUPEN - ADV-2008-2306

UBUNTU - USN-723-1

SECTRACK - 1020627

BID - 30549

BUGTRAQ - 20080812 rPSA-2008-0253-1 git gitweb

CONFIRM - http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt

DEBIAN - DSA-1637

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0253

GENTOO - GLSA-200809-16

SECUNIA - 33964

SECUNIA - 32384

SECUNIA - 32029

SECUNIA - 31780

SECUNIA - 31347

MLIST - [git] 20080716 [PATCH] Fix buffer overflow in git diff


Last Updated: 27 May 2016 10:48:13