[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-2215-1 gitolite -- directory traversal

ID: oval:org.secpod.oval:def:600228Date: (C)2011-04-19   (M)2022-10-10
Class: PATCHFamily: unix




Dylan Simon discovered that gitolite, a SSH-based gatekeeper for git repositories, is prone to directory traversal attacks when restricting admin defined commands . This allows an attacker to execute arbitrary commands with privileges of the gitolite server via crafted command names. Please note that this only affects installations that have ADC enabled . The oldstable distribution is not affected by this problem, it does not include gitolite.

Platform:
Debian 6.0
Product:
gitolite
Reference:
DSA-2215-1
CVE-2011-1572
CVE    1
CVE-2011-1572
CPE    29
cpe:/a:sitaram_chamarty:gitolite:0.50
cpe:/a:sitaram_chamarty:gitolite:0.70
cpe:/a:sitaram_chamarty:gitolite:0.90
cpe:/a:sitaram_chamarty:gitolite:1.1
...

© SecPod Technologies