Vulnerability CVE-2010-2542

Vulnerability Name:

CVE-2010-2542 (CCN-60675)

Assigned:

2010-06-21

Published:

2010-06-21

Updated:

2023-02-13

Summary:

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-2542

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: GIT GIT Repository
heck size of path buffer before writing into it

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: SA41569
GIT is_git_directory() Buffer Overflow Vulnerability

Source: DEBIAN
Type: DSA-2114
git-core -- buffer overflow

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: CCN
Type: oss-security Mailing List, Wed, 21 Jul 2010 23:17:01 -0400
CVE request: git

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 67091
Git setup.c is_git_directory Function gitdir: Field Overflow

Source: CCN
Type: BID-41891
Git 'gitdir' Remote Buffer Overflow Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Permissions Required
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
git-gitdir-bo(60675)

Source: SUSE
Type: SUSE-SR:2011:004
SUSE Security Summary Report

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:git:git:1.5.6.3:*:*:*:*:*:*:*

OR cpe:/a:git:git:1.5.2.4:*:*:*:*:*:*:*

OR cpe:/a:git:git:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:git:git:1.5.4.7:*:*:*:*:*:*:*

OR cpe:/a:git:git:1.5.4.6:*:*:*:*:*:*:*

OR cpe:/a:git:git:1.5.6:*:*:*:*:*:*:*

OR cpe:/a:git:git:1.5.6.4:*:*:*:*:*:*:*

OR cpe:/a:git:git:1.5.6.5:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:26165	P	Security update for libarchive (Moderate)	2021-11-17
oval:org.opensuse.security:def:20102542	V	CVE-2010-2542	2021-08-15
oval:org.opensuse.security:def:36412	P	git-1.7.12.4-0.9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:25973	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:26679	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27410	P	git on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26538	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25962	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26693	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26246	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26591	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26737	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26303	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:26640	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27375	P	binutils-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26387	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25961	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.mitre.oval:def:12423	P	DSA-2114-1 git-core -- buffer overflow	2014-07-21
oval:org.debian:def:2114	V	buffer overflow	2010-09-26

BACK