[Secure-testing-team] Bug#532935: [SA35437] git-daemon Parameter Parsing Infinite Loop Denial of Service

Giuseppe Iuculano giuseppe at iuculano.it
Fri Jun 12 23:24:29 UTC 2009


Package: git-core
Version: 1:1.6.3.1-1
Severity: grave
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for git:

SA35437[1]:

Description:
A vulnerability has been reported in Git, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an infinite loop when parsing certain additional request parameters. This can be exploited to cause a high CPU load by sending specially crafted requests to an affected git-daemon.

The vulnerability is reported in versions 1.4.4.5 through 1.6.3.2. Other versions may also be affected.



Solution:
Fixed in the Git repository.[2]

Provided and/or discovered by:
Shawn O. Pearce

If you fix the vulnerability, please also make sure to include the CVE id
(if one becomes available) in the changelog entry.


For further information see:

[1] http://secunia.com/advisories/35437/
[2] http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9

    https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoy46kACgkQNxpp46476ao5WACfVbG5mv0Ql4FGFwUvekX07nhH
uEgAn2tYZoHfAwSh2TKRjkZefSKwNF4m
=qMjv
-----END PGP SIGNATURE-----
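The advisory quoted above describes the defect only as an infinite loop while parsing the additional request parameters of a git-daemon request. The following is an added illustration, not code from git, from the referenced commit, or from this report: a model of a git-daemon-style request-line parser using the pack-protocol framing "<cmd> <path>\0[<arg>\0]*" (for example "git-upload-pack /repo.git\0host=example.com\0"). The loose parser's loop only moves its cursor on the one argument it recognises, so any other argument makes it spin forever; the strict parser consumes exactly one argument per iteration and reports anything it does not understand. The loop shapes and the function names are assumptions about the bug class, and the sample requests are constructed; see commit 73bb33a9 for the actual change.

```c
/*
 * Model of a git-daemon request line parser.  Added illustration; the loop
 * shapes are an assumption about the bug class described by SA35437, not
 * code copied from git.
 *
 * Request framing (git pack protocol): "<cmd> <path>\0[<arg>\0]*", e.g.
 *   "git-upload-pack /repo.git\0host=example.com\0"
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct extra_args {
    const char *host;     /* points into the request buffer, or NULL */
    size_t      host_len;
    int         unknown;  /* number of args that were not host= */
};

/* Length of the NUL-terminated arg starting at p, bounded by end. */
static size_t arg_len(const char *p, const char *end)
{
    const char *nul = memchr(p, '\0', (size_t)(end - p));
    return nul ? (size_t)(nul - p) : (size_t)(end - p);
}

/*
 * Loose parser: only the host= branch moves the cursor.  Any other arg
 * leaves p where it was, so the while condition stays true forever.
 * max_iters is a demo-only guard so this example terminates; a daemon
 * without such a cap just burns CPU.  Returns 0 on success, -1 if the
 * loop would have spun forever.
 */
static int parse_extra_args_loose(const char *args, size_t len,
                                  struct extra_args *out, unsigned max_iters)
{
    const char *p = args, *end = args + len;
    unsigned iters = 0;

    memset(out, 0, sizeof *out);
    while (p < end && *p) {
        if (++iters > max_iters)
            return -1;
        if (end - p >= 5 && strncmp("host=", p, 5) == 0) {
            const char *val = p + 5;
            size_t vlen = arg_len(val, end);
            out->host = val;
            out->host_len = vlen;
            p = val + vlen + 1;   /* skip the value and its NUL */
        }
        /* no else branch: an unrecognised arg never advances p */
    }
    return 0;
}

/*
 * Strict parser: every iteration consumes exactly one arg plus its NUL,
 * so the loop is bounded by len regardless of content.  Unknown args are
 * counted so the caller can reject the request.  Returns 0 on success,
 * -2 if any arg other than host= was present.
 */
static int parse_extra_args_strict(const char *args, size_t len,
                                   struct extra_args *out)
{
    const char *p = args, *end = args + len;

    memset(out, 0, sizeof *out);
    while (p < end && *p) {
        size_t alen = arg_len(p, end);
        if (alen >= 5 && strncmp("host=", p, 5) == 0) {
            out->host = p + 5;
            out->host_len = alen - 5;
        } else {
            out->unknown++;
        }
        p += alen + 1;   /* always advance, whatever the arg was */
    }
    return out->unknown ? -2 : 0;
}

/* Locate the extra-args region after the first NUL of "<cmd> <path>\0...". */
static const char *request_extra_args(const char *pkt, size_t pktlen, size_t *extra_len)
{
    const char *end = pkt + pktlen;
    const char *nul = memchr(pkt, '\0', pktlen);
    if (!nul || nul + 1 >= end) { *extra_len = 0; return end; }
    *extra_len = (size_t)(end - (nul + 1));
    return nul + 1;
}

/* Whole-request wrappers; return codes as documented above. */
int check_request_loose(const char *pkt, size_t pktlen, struct extra_args *out)
{
    size_t elen;
    const char *extra = request_extra_args(pkt, pktlen, &elen);
    return parse_extra_args_loose(extra, elen, out, 1000);
}

int check_request_strict(const char *pkt, size_t pktlen, struct extra_args *out)
{
    size_t elen;
    const char *extra = request_extra_args(pkt, pktlen, &elen);
    return parse_extra_args_strict(extra, elen, out);
}

/* Constructed sample requests (not captured traffic); sizeof-1 drops the literal's own NUL. */
#define REQ_GOOD "git-upload-pack /repo.git\0host=example.com\0"
#define REQ_BAD  "git-upload-pack /repo.git\0foo=bar\0host=example.com\0"

int main(void)
{
    struct extra_args ea;
    printf("loose,  good: %d\n", check_request_loose(REQ_GOOD, sizeof REQ_GOOD - 1, &ea));
    printf("loose,  bad : %d  (-1 = would spin forever)\n", check_request_loose(REQ_BAD, sizeof REQ_BAD - 1, &ea));
    printf("strict, good: %d host=%.*s\n", check_request_strict(REQ_GOOD, sizeof REQ_GOOD - 1, &ea), (int)ea.host_len, ea.host);
    printf("strict, bad : %d unknown=%d\n", check_request_strict(REQ_BAD, sizeof REQ_BAD - 1, &ea), ea.unknown);
    return 0;
}
```

The point to take from the two loops is the invariant, not the specific argument name: in a parser over attacker-supplied bytes, every iteration must consume at least one byte on every path, including the "I don't recognise this" path, and the daemon should reject rather than skip anything it does not understand. The iteration cap in the loose version exists only so the demonstration terminates; it is not a substitute for that invariant.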
