Git: Privilege escalation — GLSA 201401-06

A stack-based buffer overflow in Git might allow a local attacker to gain escalated privileges.

Affected Packages

dev-vcs/git on all architectures
Affected versions < 1.7.2.2
Unaffected versions >= 1.7.2.2

Background

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Description

Git contains a stack-based buffer overflow in the is_git_directory function in setup.c.

Impact

A local attacker could gain escalated privileges via a specially crafted git repository.

Workaround

There is no known workaround at this time.

Resolution

All Git users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/git-1.7.2.2"
 

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 11, 2010. It is likely that your system is already no longer affected by this issue.

References

Release Date
January 10, 2014

Latest Revision
January 10, 2014: 1

Severity
high

Exploitable
local

Bugzilla entries