Oval Definition:oval:org.mitre.oval:def:13916
Revision Date:2014-06-30Version:20
Title:USN-723-1 -- git-core vulnerabilities
Description:It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the Git web interface did not correctly handle shell metacharacters when processing certain commands. A remote attacker could send specially crafted commands to the Git server and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS. It was discovered that the Git web interface did not properly restrict the diff.external configuration parameter. A local attacker could exploit this issue and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 8.04 LTS and 8.10
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2008-3546
CVE-2008-5516
CVE-2008-5517
CVE-2008-5916
USN-723-1
USN-723-1
Platform(s):Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s):git-core
Definition Synopsis
  • Release section
  • Ubuntu 7.10 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • git-gui DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR git-daemon-run DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR gitweb DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR git-doc DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR git-p4 DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR git-arch DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR git-cvs DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR git-svn DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR git-email DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR gitk DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is lpia
  • AND git-core DPKG is earlier than 1:1.5.2.5-2ubuntu0.1
  • OR Release section
  • Ubuntu 8.04 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • git-gui DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR git-daemon-run DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR gitweb DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR git-doc DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR git-svn DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR git-arch DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR git-cvs DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR git-email DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR gitk DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is lpia
  • AND git-core DPKG is earlier than 1:1.5.4.3-1ubuntu2.1
  • OR Release section
  • Ubuntu 6.06 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • git-doc DPKG is earlier than 1.1.3-1ubuntu1.1
  • OR git-svn DPKG is earlier than 1.1.3-1ubuntu1.1
  • OR git-arch DPKG is earlier than 1.1.3-1ubuntu1.1
  • OR git-cvs DPKG is earlier than 1.1.3-1ubuntu1.1
  • OR git-email DPKG is earlier than 1.1.3-1ubuntu1.1
  • OR gitk DPKG is earlier than 1.1.3-1ubuntu1.1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is sparc
  • OR Installed architecture is powerpc
  • OR Installed architecture is amd64
  • OR Installed architecture is i386
  • AND git-core DPKG is earlier than 1.1.3-1ubuntu1.1
  • OR Release section
  • Ubuntu 8.10 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • git-gui DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR git-daemon-run DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR gitweb DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR git-doc DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR git-svn DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR git-arch DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR git-cvs DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR git-email DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR gitk DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • OR Installed architecture is powerpc
  • OR Installed architecture is sparc
  • OR Installed architecture is lpia
  • AND git-core DPKG is earlier than 1:1.5.6.3-1.1ubuntu2.1
    • BACK