遠端 Web 伺服器主控的 gitWeb 版本 (開放原始碼分散式版本控制系統 Git 啟用 Web 的介面) 無法先清理使用者提供的 shell 中繼字元之 'gitWeb.cgi' 指令碼的輸入，再將其傳送至 shell。

未驗證的遠端攻擊者可利用此問題執行需要 Web 伺服器操作權限的任意命令。

远程 Web 服务器上托管的开源分布式版本控制系统 Git 经启用 Web 的界面 gitweb 的版本在将用户提供的 shell 元字符的“gitweb.cgi”脚本的输入传递到 shell 之前无法对其进行审查。未经认证的远程攻击者可利用此问题以运行 Web 服务器的权限执行任意命令。

リモート Web サーバー上にホストされたオープンソースの配布バージョンコントロールシステム Git を開くための Web 対応インターフェイスである gitweb のバージョンが、ユーザー指定の入力をシェルに渡す前に、シェルメタ文字の「gitweb.cgi」スクリプトにサニタイズできません。

認証されていないリモートの攻撃者がこの問題を利用して、 Web サーバーを動作させている権限の対象になる任意のコマンドを実行する可能性があります。

The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'gitweb.cgi' script of shell metacharacters before passing it to a shell.

An unauthenticated, remote attacker can leverage this issue to execute arbitrary commands subject to the privileges under which the web server operates.

Insufficient quoting of shell characters allowed remote attackers to execute arbitrary commands via the git web interface (CVE-2008-5517)

New git packages are available for Slackware 12.0, 12.1, 12.2, and
-current to fix security issues.

The remote host is affected by the vulnerability described in GLSA-200903-15 (git: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in gitweb that is part of     the git package:
    Shell metacharacters related to git_search are not properly sanitized     (CVE-2008-5516).
    Shell metacharacters related to git_snapshot and git_object are not     properly sanitized (CVE-2008-5517).
    The diff.external configuration variable as set in a repository can be     executed by gitweb (CVE-2008-5916).
  Impact :

    A remote unauthenticated attacker can execute arbitrary commands via     shell metacharacters in a query, remote attackers with write access to     a git repository configuration can execute arbitrary commands with the     privileges of the user running gitweb by modifying the diff.external     configuration variable in the repository and sending a crafted query to     gitweb.
  Workaround :

    There is no known workaround at this time.

It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-3546)

It was discovered that the Git web interface (gitweb) did not correctly handle shell metacharacters when processing certain commands. A remote attacker could send specially crafted commands to the Git server and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-5516, CVE-2008-5517)

It was discovered that the Git web interface (gitweb) did not properly restrict the diff.external configuration parameter. A local attacker could exploit this issue and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities :

Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality (CVE-2008-5916 ).

Local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server (CVE-2008-5516, CVE-2008-5517 ).

ID	名称	产品	系列	发布时间	最近更新时间	严重程度
44675	GIT gitweb git_snapshot / git_object Shell 詮釋字元任意命令執行	Nessus	CGI abuses	2010/2/21	2022/4/11	high
44675	GIT gitweb git_snapshot / git_object Shell 元字符任意命令执行	Nessus	CGI abuses	2010/2/21	2022/4/11	high
44675	GIT gitweb git_snapshot/git_object シェルメタ文字における任意のコマンドの実行	Nessus	CGI abuses	2010/2/21	2022/4/11	high
44675	GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution	Nessus	CGI abuses	2010/2/21	2022/4/11	high
35330	openSUSE 10 Security Update : git (git-5892)	Nessus	SuSE Local Security Checks	2009/1/11	2021/1/14	high
35728	Slackware 12.0 / 12.1 / 12.2 / current : git (SSA:2009-051-02)	Nessus	Slackware Local Security Checks	2009/2/23	2021/1/14	high
35813	GLSA-200903-15 : git: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	2009/3/10	2021/1/6	high
36720	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)	Nessus	Ubuntu Local Security Checks	2009/4/23	2021/1/19	high
35425	Debian DSA-1708-1 : git-core - shell command injection	Nessus	Debian Local Security Checks	2009/1/20	2021/1/4	high

检测

插件搜索

high

high

high

high

high

high

high

high

high