CVE-2014-9390

Related Files

Gentoo Linux Security Advisory 201612-19

Posted Dec 7, 2016

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-19 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 3.8.4 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2014-9390, CVE-2014-9462, CVE-2016-3068, CVE-2016-3069, CVE-2016-3105, CVE-2016-3630

SHA-256 | 47c379d973e4969784c5bccded8e80c7573e79b6ec6f68d82c36130813ba786e

Download | Favorite | View

Gentoo Linux Security Advisory 201509-06

Posted Sep 25, 2015

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201509-6 - An attacker could execute arbitrary commands via Git repositories in a case-insensitive or case-normalizing filesystem. Versions less than 2.0.5 are affected.

tags | advisory, arbitrary

systems | linux, gentoo

advisories | CVE-2014-9390

SHA-256 | f5c875abddf16229107d11e985b0b6283b6e21ef181d91bc716e8c756b6d3cba

Download | Favorite | View

Mandriva Linux Security Advisory 2015-169

Posted Mar 31, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-169 - It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the.git/config file when the client performed a git pull. Because git permitted committing.Git/config , on the pull this would replace the user's.git/config. If this malicious config file contained defined external commands (such as for invoking and editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client.

tags | advisory, arbitrary

systems | linux, mandriva

advisories | CVE-2014-9390

SHA-256 | 3d2e5be41e9078bea5ab6f6cc66bb8d225c3913892ae0f3c43bfd3fb44ff1607

Download | Favorite | View

Apple Security Advisory 2015-03-09-4

Posted Mar 10, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-4 - Xcode 6.2 is now available and addresses spoofing and validation checking issues.

tags | advisory, spoof

systems | apple

advisories | CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108, CVE-2014-9390

SHA-256 | 4a50eb3c136fe092fc8abd8396cccba8eb128f4a15cfe7c70ec4f0d941b01848

Download | Favorite | View

Ubuntu Security Notice USN-2470-1

Posted Jan 14, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2470-1 - Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2014-9390

SHA-256 | 85b950ee8227de6144153e9f9d7593a621bb882118bc9fc9f52fbfc82a0d2838

Download | Favorite | View

Malicious Git And Mercurial HTTP Server For CVE-2014-9390

Posted Jan 2, 2015

Authored by Jon Hart | Site metasploit.com

This Metasploit module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities.

tags | exploit, vulnerability

advisories | CVE-2014-9390

SHA-256 | 36d1712be284842da277dc56d61894ebadaefded1087a47ec4a5fe7a5c521ad3

Download | Favorite | View

Apple Security Advisory 2014-12-18-1

Posted Dec 20, 2014

Authored by Apple | Site apple.com

Apple Security Advisory 2014-12-18-1 - Xcode 6.2 beta 3 is now available and addresses a unicode issue that can be leveraged by a malicious git repository.

tags | advisory

systems | apple

advisories | CVE-2014-9390

SHA-256 | f61fd9d0d48bd3edc62fd01719a27d1689aae89d9c6537e9356ca5a7b525aa5c

Download | Favorite | View