Credit:
The information has been provided by Jim Meyering.
Vulnerable Systems:
* cgit cgit 0.9.0.2-2 and Prior
Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit.
Some vulnerabilities have been reported in cgit, which can be exploited by malicious users to cause a DoS (Denial of Service) and compromise a vulnerable system.
1) An error when parsing the "Author" field of a Git commit can be exploited to cause a heap-based buffer overflow and crash the application.
2) An error in the syntax-highlighting.sh script when processing the "--plug-in" argument can be exploited to inject shell commands.
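For the first issue, the C sketch below is an added illustration (not cgit's code or its patch) of a substring helper that tolerates an empty author name. It assumes the name is taken as the bytes between the `author ` prefix and the space before `<`; `safe_substr` and `parse_author_name` are hypothetical names, and the sample lines are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not cgit's code: copy [head, tail) into a fresh buffer.
 * An empty or inverted range yields "" rather than a negative length
 * wrapping to a huge size_t. */
static char *safe_substr(const char *head, const char *tail)
{
    size_t len = (head && tail && tail > head) ? (size_t)(tail - head) : 0;
    char *buf = malloc(len + 1);
    if (!buf)
        return NULL;
    if (len)
        memcpy(buf, head, len);
    buf[len] = '\0';
    return buf;
}

/* Name from "author NAME <EMAIL> TS TZ"; caller frees. Returns NULL when the
 * line is not an author header or has no '<'. */
char *parse_author_name(const char *line)
{
    static const char prefix[] = "author ";
    const size_t plen = sizeof(prefix) - 1;
    if (!line || strncmp(line, prefix, plen) != 0)
        return NULL;
    const char *name = line + plen;
    const char *lt = strchr(name, '<');
    if (!lt)
        return NULL;
    /* The name ends at the space before '<'. With no name, lt - 1 lies
     * before `name`, so the range is inverted and must not be trusted. */
    return safe_substr(name, lt - 1);
}

int main(void)
{
    /* Constructed sample lines; the second carries no name at all. */
    const char *samples[] = {
        "author A U Thor <author@example.com> 1349049600 +0000",
        "author <author@example.com> 1349049600 +0000",
    };
    for (size_t i = 0; i < 2; i++) {
        char *name = parse_author_name(samples[i]);
        printf("name=\"%s\"\n", name ? name : "(malformed)");
        free(name);
    }
    return 0;
}
```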
CVE Information:
CVE-2012-4465
Disclosure Timeline:
Published: Oct 01 2012 12:00AM
Updated: Oct 12 2012 06:40PM