Bug 1175960 (CVE-2014-9390) - CVE-2014-9390 git: arbitrary command execution vulnerability on case-insensitive file systems
Summary: CVE-2014-9390 git: arbitrary command execution vulnerability on case-insensit...
Alias: CVE-2014-9390
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=low,public=20141218,reported=2...
: 1175959 (view as bug list)
Depends On: 1178856 1220552
TreeView+ depends on / blocked
Reported: 2014-12-19 00:43 UTC by Vincent Danen
Modified: 2019-06-08 20:19 UTC (History)
13 users (show)

Fixed In Version: git 2.2.1, git 2.1.4, git 2.0.5, git 1.9.5, git
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1178856 (view as bug list)
Last Closed: 2015-01-05 15:02:35 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1310493 None None None Never

Description Vincent Danen 2014-12-19 00:43:34 UTC
It was reported [1] that git, when used as a client on a case-insensitive filesystem (such as FAT, FAT32, NTFS, HFS+, etc.), could allow the overwrite of the .git/config file when the client performed a "git pull".  Because git permitted committing .Git/config (or any case variation), on the pull this would replace the user's .git/config.  If this malicious config file contained defined external commands (such as for invoking and editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client.

[1] http://article.gmane.org/gmane.linux.kernel/1853266


This flaw is only exploitable when the local git repository is stored on a case-insensitive filesystem.  By default, Red Hat Enterprise Linux uses case-sensitive filesystems (such as ext2/3/4, XFS, etc.) and as such is not vulnerable to this flaw.

Comment 1 pstodulk 2014-12-19 15:26:51 UTC
*** Bug 1175959 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.