安全研究

安全漏洞
GIT is_git_directory()函数栈溢出漏洞

发布日期:2010-07-22
更新日期:2010-09-28

受影响系统:
GIT GIT 1.5.6 - 1.7.1
不受影响系统:
GIT GIT 1.7.2
描述:
BUGTRAQ  ID: 41891
CVE ID: CVE-2010-2542

Git是一款开源的分布式版本控制系统。

Git的setup.c文件中的is_git_directory()函数存在栈溢出,用户受骗打开了包含有超长gitdir参数的.git文件就可以触发这个溢出,导致执行任意代码。

<*来源:Greg Brockman (gdb@MIT.EDU
  
  链接:http://secunia.com/advisories/41569/
        http://www.debian.org/security/2010/dsa-2114
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-2114-1)以及相应补丁:
DSA-2114-1:New git-core packages fix regression
链接:http://www.debian.org/security/2010/dsa-2114

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2.dsc
Size/MD5 checksum:     1332 1ca802be6d1039154fea0f867fc1c3cf
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5.orig.tar.gz
Size/MD5 checksum:  2103619 c22da91c913a02305fd8a1a2298f75c9
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2.diff.gz
Size/MD5 checksum:   228860 778ce77061180906a2aae9f22c606e93

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   267472 3c95d2a6bd41b0275c7f8e95ef12efa4
http://security.debian.org/pool/updates/main/g/git-core/git-gui_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   402182 634c011ec7a8ae782b0bff0be2134078
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   231542 a53d6f8319c8dd5182cdc224513d5bfd
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   218012 3b291893958b61fbe4825e7774ea2e9b
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   269864 2c9d96e08c55e34a83270cc34ce38463
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   268424 ad015248dfc153c22f4a95927c288912
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:  1249010 a4986335fde6824c01bb1dec115c0314
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   229804 e81867cadc7426d6361ac1dbbccce1c7
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.5.6.5-3+lenny3.2_all.deb
Size/MD5 checksum:   301022 dd567de6cd446f8362127f5f5876dae2

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_alpha.deb
Size/MD5 checksum:  3809306 2910ff0e823c7b56eee4ceb51e6be806

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_amd64.deb
Size/MD5 checksum:  3419816 ba89829009b57237c5a0630eb01c01c3

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_arm.deb
Size/MD5 checksum:  3042360 5be0e0673a32062ad9ec56c0feee2a69

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_armel.deb
Size/MD5 checksum:  3071030 168f3edcc71842c4a09b5d656a639be0

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_i386.deb
Size/MD5 checksum:  3140010 429887ce79db588352636d24bcd42df7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_ia64.deb
Size/MD5 checksum:  4760744 4cd6c9386efdd3d684b616a2928c4fe9

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_mips.deb
Size/MD5 checksum:  3417818 376e6c42f288898369b61b4f6203b2ae

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_mipsel.deb
Size/MD5 checksum:  3421030 7578fae97f13c3fd21245c9be7e50503

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_powerpc.deb
Size/MD5 checksum:  3482142 92729277795f88ca818304bcf3c6fda8

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_s390.deb
Size/MD5 checksum:  3422802 05720c1cea472a17406fb2c0a917b4c2

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_sparc.deb
Size/MD5 checksum:  3077076 7db8d2a588021c019561fe370baf81af

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

GIT
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc
http://git.kernel.org/?p=git/git.git;a=commit;h=b44ebb19e3234c5dffe9869ceac5408bb44c2e20

浏览次数:2487
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客