Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Critical Git bug allows malicious code execution on client machines


  • Please log in to reply
No replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,378 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:47 AM

Posted 19 December 2014 - 04:42 PM

 

Developers who use the official Git client and related software are being urged to install a security update that kills a bug that could allow attackers to hijack end-user computers.

The critical vulnerability affects all Windows- and Mac-based versions of the official Git client and related software that interacts with Git repositories, according to an advisory published Thursday. The bug can be exploited to give remote code execution when the client software accesses booby-trapped Git repositories.

"An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine," Thursday's advisory warned. "Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem."

 

 

Critical Git bug allows malicious code execution on client machines

 

.



BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users