CVE-2008-5916

Sažetak

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.

Reference

http://marc.info/?l=git&m=122975564100860&w=2
http://marc.info/?l=linux-kernel&m=122975564100863&w=2:
http://osvdb.org/50918
http://secunia.com/advisories/33282
http://secunia.com/advisories/33964
http://secunia.com/advisories/34194
http://securityreason.com/securityalert/4922
http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
http://www.openwall.com/lists/oss-security/2009/01/15/2
http://www.openwall.com/lists/oss-security/2009/01/20/2
http://www.ubuntu.com/usn/USN-723-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/47528
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:33

Objavljeno

21-01-2009 - 02:30