Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5517

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5517
Last Modified 06 Jun 2011 12:00:00
Published 13 Jan 2009 12:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5517

Summary

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

Vulnerable Systems

Application

  • Git 1.5.0

  • Git 1.5.0.1

  • Git 1.5.0.2

  • Git 1.5.0.3

  • Git 1.5.0.4

  • Git 1.5.0.5

  • Git 1.5.0.6

  • Git 1.5.0.7

  • Git 1.5.1

  • Git 1.5.1.1

  • Git 1.5.1.2

  • Git 1.5.1.3

  • Git 1.5.1.4

  • Git 1.5.1.5

  • Git 1.5.1.6

  • Git 1.5.2

  • Git 1.5.2.1

  • Git 1.5.2.2

  • Git 1.5.2.3

  • Git 1.5.2.4

  • Git 1.5.2.5

  • Git 1.5.3

  • Git 1.5.3.1

  • Git 1.5.3.2

  • Git 1.5.3.3

  • Git 1.5.3.4

  • Git 1.5.3.5

  • Git 1.5.3.6

  • Git 1.5.3.7

  • Git 1.5.3.8

  • Git 1.5.4

  • Git 1.5.4.1

  • Git 1.5.4.2

  • Git 1.5.4.3

  • Git 1.5.4.4

  • Git 1.5.4.5

  • Git 1.5.4.6

  • Git 1.5.4.7


References

BID - 33215

CONFIRM - https://issues.rpath.com/browse/RPL-2936

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=479715

VUPEN - ADV-2009-0175

UBUNTU - USN-723-1

BUGTRAQ - 20090113 rPSA-2009-0005-1 git gitweb

MLIST - [oss-security] 20090123 Re: CVE request -- git

MLIST - [oss-security] 20090121 Re: CVE request -- git

MLIST - [oss-security] 20090120 Re: CVE request -- git

GENTOO - GLSA-200903-15

DEBIAN - DSA-1708

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0005

SECUNIA - 34194

SECUNIA - 33964

MISC - http://repo.or.cz/w/git.git?a=commitdiff;h=516381d5

SUSE - SUSE-SR:2009:001

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330


Last Updated: 27 May 2016 10:48:49