Vulnerabilities > CVE-2009-2108 - Resource Management Errors vulnerability in GIT

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
git
CWE-399
nessus
exploit available

Summary

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionGit 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability. CVE-2009-2108. Dos exploit for linux platform
idEDB-ID:33036
last seen2016-02-03
modified2009-05-05
published2009-05-05
reporterShawn O. Pearce
sourcehttps://www.exploit-db.com/download/33036/
titleGit <= 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-155.NASL
    descriptionA vulnerability has been found and corrected in git : git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments (CVE-2009-2108). This update provides fixes for this vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id48150
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48150
    titleMandriva Linux Security Advisory : git (MDVSA-2009:155)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2009:155. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(48150);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:52");
    
      script_cve_id("CVE-2009-2108");
      script_bugtraq_id(35338);
      script_xref(name:"MDVSA", value:"2009:155");
    
      script_name(english:"Mandriva Linux Security Advisory : git (MDVSA-2009:155)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been found and corrected in git :
    
    git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to
    cause a denial of service (infinite loop and CPU consumption) via a
    request containing extra unrecognized arguments (CVE-2009-2108).
    
    This update provides fixes for this vulnerability."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-core-oldies");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gitk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gitview");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64git-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgit-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2009.1", reference:"git-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"git-arch-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"git-core-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"git-core-oldies-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"git-cvs-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"git-email-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"git-svn-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"gitk-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"gitview-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"gitweb-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64git-devel-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libgit-devel-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"perl-Git-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D9B01C0859B311DE828E00E0815B8DA8.NASL
    descriptionSecurityFocus reports : Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id39408
    published2009-06-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39408
    titleFreeBSD : git -- denial of service vulnerability (d9b01c08-59b3-11de-828e-00e0815b8da8)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39408);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:40");
    
      script_cve_id("CVE-2009-2108");
      script_bugtraq_id(35338);
    
      script_name(english:"FreeBSD : git -- denial of service vulnerability (d9b01c08-59b3-11de-828e-00e0815b8da8)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SecurityFocus reports :
    
    Git is prone to a denial-of-service vulnerability because it fails to
    properly handle some client requests.
    
    Attackers can exploit this issue to cause a daemon process to enter an
    infinite loop. Repeated exploits may consume excessive system
    resources, resulting in a denial of service condition."
      );
      # https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?363a2201"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://article.gmane.org/gmane.comp.version-control.git/120724"
      );
      # https://vuxml.freebsd.org/freebsd/d9b01c08-59b3-11de-828e-00e0815b8da8.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a3105c0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"git<1.6.3.2_1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-6809.NASL
    descriptionThis update fixes a Denial of Service vulnerability in git-daemon. It also fixes minor issues when using git-cvsimport and the formatting of the git-daemon xinetd service description. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39507
    published2009-06-25
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39507
    titleFedora 9 : git-1.6.0.6-4.fc9 (2009-6809)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1841.NASL
    descriptionIt was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions.
    last seen2020-06-01
    modified2020-06-02
    plugin id44706
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44706
    titleDebian DSA-1841-1 : git-core - denial of service
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200907-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200907-05 (git: git-daemon Denial of Service) Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments. Impact : A remote unauthenticated attacker could send a specially crafted request to git-daemon, possibly leading to a Denial of Service (CPU consumption). Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id39776
    published2009-07-13
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39776
    titleGLSA-200907-05 : git: git-daemon Denial of Service
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-6839.NASL
    descriptionThis update fixes a Denial of Service vulnerability in git-daemon. It also fixes minor issues when using git-cvsimport and the formatting of the git-daemon xinetd service description. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39509
    published2009-06-25
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39509
    titleFedora 10 : git-1.6.0.6-4.fc10 (2009-6839)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-6936.NASL
    descriptionThis update fixes a Denial of Service vulnerability in git-daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39513
    published2009-06-25
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39513
    titleFedora 11 : git-1.6.2.5-1.fc11 (2009-6936)