Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
2020-11-05 11:14

A critical vulnerability in Git Large File Storage, an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker's malicious repository using a vulnerable Git version control tool, security researcher Dawid Golunski has discovered.

Golunski found that Git LFS does not specify a full path to the git binary when it spawns a new git process through Go's exec.Command(); it passes the bare name "git" and relies on the executable search path to resolve it.

"As the exec.Command() implementation on Windows systems includes the current directory, attackers may be able to plant a backdoor in a malicious repository by simply adding an executable file named git.bat, git.exe, git.cmd or any other extension that is used on the victim's system, in the main repo's directory. As a result, the malicious git binary planted in this way will get executed instead of the original git binary located in a trusted path," he explained.
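To make the search-path problem concrete, here is an added example that is not Git LFS code or the researcher's proof of concept. It contrasts a cwd-first lookup (the Windows behaviour the quote describes) with a hardened resolver that only accepts hits from absolute PATH entries and refuses any result that lives inside the untrusted checkout. The file set, the directory names and the PATH value are constructed; the filesystem is abstracted behind a small `exists` callback so the scenario runs offline on any host, and POSIX-style paths are used for that reason (on a real Windows host you would pass Windows paths and the PATHEXT list instead of the simplified extension list here).

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUntrustedBinary is returned when the requested program is not found in an
// absolute PATH directory, or when the only hit lives inside the repository.
var ErrUntrustedBinary = errors.New("program not found in a trusted PATH directory")

// exists abstracts the filesystem so the resolvers can be exercised offline
// against a constructed file set. In production this would be a stat() that
// also checks the executable bit (POSIX) or the PATHEXT extension (Windows).
type exists func(path string) bool

// naiveLookPath mimics the behaviour the advisory describes: the current
// directory is consulted before PATH, so a file named git.exe, git.bat or
// git.cmd planted in the cloned repository shadows the real git binary.
func naiveLookPath(name, cwd, pathEnv string, exts []string, has exists) (string, bool) {
	dirs := append([]string{cwd}, filepath.SplitList(pathEnv)...)
	for _, dir := range dirs {
		for _, ext := range exts {
			candidate := filepath.Join(dir, name+ext)
			if has(candidate) {
				return candidate, true
			}
		}
	}
	return "", false
}

// trustedLookPath is the hardened variant: it never consults cwd, skips empty,
// "." and relative PATH entries, and fails closed if the first hit is located
// inside repoDir (the untrusted checkout) rather than silently moving on.
func trustedLookPath(name, repoDir, pathEnv string, exts []string, has exists) (string, error) {
	for _, dir := range filepath.SplitList(pathEnv) {
		if dir == "" || dir == "." || !filepath.IsAbs(dir) {
			continue
		}
		for _, ext := range exts {
			candidate := filepath.Join(dir, name+ext)
			if !has(candidate) {
				continue
			}
			if insideDir(repoDir, candidate) {
				return "", ErrUntrustedBinary
			}
			return candidate, nil
		}
	}
	return "", ErrUntrustedBinary
}

// insideDir reports whether p is repoDir itself or lies beneath it.
func insideDir(repoDir, p string) bool {
	rel, err := filepath.Rel(repoDir, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// demoScenario builds the constructed file set: an attacker-planted git.bat in
// the cloned repository and the legitimate git under /usr/bin, with a PATH that
// (as is common on Windows) contains a "." entry.
func demoScenario() (cwd, pathEnv string, exts []string, has exists) {
	cwd = "/home/victim/evil-repo" // hypothetical checkout directory
	files := map[string]bool{
		"/home/victim/evil-repo/git.bat": true, // planted by the repository author
		"/usr/bin/git":                   true, // genuine binary on a trusted path
	}
	pathEnv = strings.Join([]string{".", "/usr/local/bin", "/usr/bin"}, string(filepath.ListSeparator))
	exts = []string{"", ".exe", ".bat", ".cmd"} // simplified stand-in for PATHEXT
	has = func(p string) bool { return files[filepath.Clean(p)] }
	return
}

func main() {
	cwd, pathEnv, exts, has := demoScenario()
	p, _ := naiveLookPath("git", cwd, pathEnv, exts, has)
	fmt.Println("cwd-first lookup picked:", p)
	p, err := trustedLookPath("git", cwd, pathEnv, exts, has)
	fmt.Println("trusted lookup picked:", p, "err:", err)
}
```

The same check can be expressed at the call site: resolve the binary once with `exec.LookPath`, verify the result is absolute and outside the checkout, and pass that absolute path to `exec.Command` instead of the bare name. Go 1.19 and later also added `exec.ErrDot`, which makes `exec.LookPath` and `exec.Command` report a name that was resolved relative to the current directory, so callers that build with a current toolchain get the cwd part of this check from the standard library.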

The vulnerability affects Git LFS versions 2.12 and earlier on Windows systems.

Git for Windows has also been updated to ship the fixed Git LFS version.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/nXCLukSlayo/