FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

git -- gitweb privilege escalation

Affected packages
git < 1.6.0.6

Details

VuXML ID ecad44b9-e663-11dd-afcd-00e0815b8da8
Discovery 2008-12-20
Entry 2009-01-19

Git maintainers report:

gitweb has a possible local privilege escalation bug that allows a malicious repository owner to run a command of his choice by specifying diff.external configuration variable in his repository and running a crafted gitweb query.

[source]

References

Bugtraq ID 32967
Message 7vhc4z1gys.fsf@gitster.siamese.dyndns.org
URL http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6.0.6.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.