Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1572
Last Modified 14 May 2012 12:00:00
Published 04 Oct 2011 06:55:09
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1572

Summary

Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.

Vulnerable Systems

Application

  • Sitaram Chamarty Gitolite 0.50

  • Sitaram Chamarty Gitolite 0.55

  • Sitaram Chamarty Gitolite 0.60

  • Sitaram Chamarty Gitolite 0.65

  • Sitaram Chamarty Gitolite 0.70

  • Sitaram Chamarty Gitolite 0.80

  • Sitaram Chamarty Gitolite 0.85

  • Sitaram Chamarty Gitolite 0.90

  • Sitaram Chamarty Gitolite 0.95

  • Sitaram Chamarty Gitolite 1.0

  • Sitaram Chamarty Gitolite 1.1

  • Sitaram Chamarty Gitolite 1.2

  • Sitaram Chamarty Gitolite 1.3

  • Sitaram Chamarty Gitolite 1.4

  • Sitaram Chamarty Gitolite 1.4.1

  • Sitaram Chamarty Gitolite 1.4.2

  • Sitaram Chamarty Gitolite 1.5

  • Sitaram Chamarty Gitolite 1.5.1

  • Sitaram Chamarty Gitolite 1.5.2

  • Sitaram Chamarty Gitolite 1.5.3

  • Sitaram Chamarty Gitolite 1.5.4

  • Sitaram Chamarty Gitolite 1.5.5

  • Sitaram Chamarty Gitolite 1.5.6

  • Sitaram Chamarty Gitolite 1.5.7

  • Sitaram Chamarty Gitolite 1.5.8

  • Sitaram Chamarty Gitolite 1.5.9


References

CONFIRM - https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=695568

BID - 46473

MLIST - [oss-security] 20110411 Re: CVE id request: gitolite

MLIST - [oss-security] 20110409 CVE id request: gitolite

XF - gitolite-adc-security-bypass(65542)

DEBIAN - DSA-2215

CONFIRM - http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1


Last Updated: 27 May 2016 10:56:22