870713 – (CVE-2012-4548) CVE-2012-4548 cgit: syntax-highlighting.sh command injection

Bug 870713 (CVE-2012-4548) - CVE-2012-4548 cgit: syntax-highlighting.sh command injection

Summary: CVE-2012-4548 cgit: syntax-highlighting.sh command injection

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-4548
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	870714 870715
Blocks:
TreeView+	depends on / blocked

Reported:	2012-10-28 06:59 UTC by Kurt Seifried
Modified:	2019-09-29 12:56 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-08-24 15:56:44 UTC
Embargoed:

Attachments	(Terms of Use)
cgit-CVE-2012-4548.patch (564 bytes, patch) 2012-10-28 07:00 UTC, Kurt Seifried	no flags	Details \| Diff
View All

Description Kurt Seifried 2012-10-28 06:59:04 UTC

syntax-highlighting.sh: Fix command injection.

By not quoting the argument, an attacker with the ability to add files to the 
repository could pass arbitrary arguments to the highlight command, in 
particular, the --plug-in argument which can lead to arbitrary command 
execution. 

This patch adds simple argument quoting. 

External references:
http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd

Comment 1 Kurt Seifried 2012-10-28 07:00:46 UTC

Created attachment 634444 [details]
cgit-CVE-2012-4548.patch

Comment 2 Kurt Seifried 2012-10-28 07:01:38 UTC

Created cgit tracking bugs for this issue

Affects: fedora-all [bug 870714]

Comment 3 Kurt Seifried 2012-10-28 07:02:11 UTC

Created cgit tracking bugs for this issue

Affects: epel-all [bug 870715]

Note You need to log in before you can comment on or make changes to this bug.