leftcomm.blogg.se

1. #Git windows to runningsomeoneelse scode vulnerability update#
2. #Git windows to runningsomeoneelse scode vulnerability Patch#
3. #Git windows to runningsomeoneelse scode vulnerability upgrade#
4. #Git windows to runningsomeoneelse scode vulnerability code#

Avoid running git submodule deinit, git config -rename-section, and git config -remove-section on untrusted repositories or without prior inspection of your $GIT_DIR/config.

#Git windows to runningsomeoneelse scode vulnerability Patch#

Use git apply -stat to inspect a patch before applying it.

#Git windows to runningsomeoneelse scode vulnerability update#

If you can’t update immediately, reduce your risk by taking the following steps:

#Git windows to runningsomeoneelse scode vulnerability upgrade#

The most effective way to protect against these vulnerabilities is to upgrade to Git 2.40.1. This vulnerability is similar to the one that led to Git CMD being deprecated temporarily in Git for Windows v2.19.2, but is contained to the directory in which Git CMD is started.

#Git windows to runningsomeoneelse scode vulnerability code#

When started in untrusted directories, this can lead to silent arbitrary code execution. Lastly, Git for Windows’s “Git CMD” program incorrectly searches for a program called doskey.exe beginning in the working directory of Git CMD on startup. Users on multi-account Windows machines are highly advised to exercise caution if they use this SOCKS5 proxy on those machines. The location of connect.exe’s configuration file is hard-coded to a path that is typically interpreted as C:\etc\connectrc, which is susceptible in a similar fashion as above. Typically, all authenticated users have permission to create folders in C:\, allowing for malicious actors to inject incorrect messages into git.exe.Ī similar vulnerability (as above) exists in Git for Windows’s connect.exe executable, which is responsible for implementing a SOCKS5 proxy.

This vulnerability affects users working on Windows machines to which other, untrusted parties have write access. Using obscure message formatting features, this allows out-of-bound memory writes, which can be used to cause crashes. Those URLs may be misinterpreted as containing new configuration material when removing those sections, for example, with git submodule deinit.Ī recent change in one of the packages shipped with Git for Windows caused the gettext() function to use the hard-coded path C:\mingw64\share\locale when looking for localization messages instead of respecting the runtime prefix. This vulnerability may be exploited by using overly-long submodule URLs, which are stored in a user’s $GIT_DIR/config upon initialization. This may be used to achieve arbitrary code execution, via configuration values that specify executables, such as core.pager, core.editor, core.sshCommand, and so on. This can result in arbitrary configuration injection into a user’s $GIT_DIR/config when attempting to rename or remove a malicious configuration section. Git’s implementation used to rename or delete sections of a configuration file contained a logic error that resulted in improperly treating configuration values longer than a fixed length as containing new sections. However, this fix was incomplete: when using git apply -reject to write out rejected hunks from the patch as *.rej files, specially crafted malicious patches can perform controlled content writes at arbitrary locations. In Git 2.39.1, this mechanism was updated to reject patches which themselves created symbolic links and attempted to write beyond them. When applying patches with git apply, Git rejects inputs that attempt to write a file beyond a symbolic link. Users fitting any of these descriptions are also encouraged to upgrade immediately. The Windows-specific issues affect users on multi-user machines, users working in Git CMD, and users leveraging the SOCKS5 proxy connect.exe that is included in the Git for Windows distribution. The latter may be used to inject arbitrary configuration settings, which may in turn be used to achieve arbitrary code execution. The former may be used to perform controlled content writes at arbitrary paths with git apply -reject. To protect against CVE-2023-25652 and CVE-2023-29007, users are encouraged to upgrade immediately. The Git for Windows project released new versions including the fixes for all five of these vulnerabilities. Git was also patched to address additional, Windows-specific vulnerabilities: CVE-2023-25815, CVE-2023-29011, and CVE-2023-29012. Today, the Git project released new versions to address a pair of security vulnerabilities, CVE-2023-25652 and CVE-2023-29007, that affect versions 2.40.0 and older.