Vulnerabilities > CVE-2009-2108 - Resource Management Errors vulnerability in GIT
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Git 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability. CVE-2009-2108. Dos exploit for linux platform |
| id | EDB-ID:33036 |
| last seen | 2016-02-03 |
| modified | 2009-05-05 |
| published | 2009-05-05 |
| reporter | Shawn O. Pearce |
| source | https://www.exploit-db.com/download/33036/ |
| title | Git <= 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-155.NASL description A vulnerability has been found and corrected in git : git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments (CVE-2009-2108). This update provides fixes for this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 48150 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48150 title Mandriva Linux Security Advisory : git (MDVSA-2009:155) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:155. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(48150); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:52"); script_cve_id("CVE-2009-2108"); script_bugtraq_id(35338); script_xref(name:"MDVSA", value:"2009:155"); script_name(english:"Mandriva Linux Security Advisory : git (MDVSA-2009:155)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been found and corrected in git : git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments (CVE-2009-2108). This update provides fixes for this vulnerability." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-arch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-core-oldies"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-cvs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-email"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:git-svn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gitk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gitview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gitweb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64git-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgit-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Git"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2009.1", reference:"git-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"git-arch-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"git-core-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"git-core-oldies-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"git-cvs-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"git-email-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"git-svn-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"gitk-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"gitview-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"gitweb-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64git-devel-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libgit-devel-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"perl-Git-1.6.2.5-0.1mdv2009.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D9B01C0859B311DE828E00E0815B8DA8.NASL description SecurityFocus reports : Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial of service condition. last seen 2020-06-01 modified 2020-06-02 plugin id 39408 published 2009-06-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39408 title FreeBSD : git -- denial of service vulnerability (d9b01c08-59b3-11de-828e-00e0815b8da8) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(39408); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:40"); script_cve_id("CVE-2009-2108"); script_bugtraq_id(35338); script_name(english:"FreeBSD : git -- denial of service vulnerability (d9b01c08-59b3-11de-828e-00e0815b8da8)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "SecurityFocus reports : Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial of service condition." ); # https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?363a2201" ); script_set_attribute( attribute:"see_also", value:"http://article.gmane.org/gmane.comp.version-control.git/120724" ); # https://vuxml.freebsd.org/freebsd/d9b01c08-59b3-11de-828e-00e0815b8da8.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a3105c0" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:git"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/04"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"git<1.6.3.2_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2009-6809.NASL description This update fixes a Denial of Service vulnerability in git-daemon. It also fixes minor issues when using git-cvsimport and the formatting of the git-daemon xinetd service description. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39507 published 2009-06-25 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39507 title Fedora 9 : git-1.6.0.6-4.fc9 (2009-6809) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1841.NASL description It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions. last seen 2020-06-01 modified 2020-06-02 plugin id 44706 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44706 title Debian DSA-1841-1 : git-core - denial of service NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200907-05.NASL description The remote host is affected by the vulnerability described in GLSA-200907-05 (git: git-daemon Denial of Service) Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments. Impact : A remote unauthenticated attacker could send a specially crafted request to git-daemon, possibly leading to a Denial of Service (CPU consumption). Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 39776 published 2009-07-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39776 title GLSA-200907-05 : git: git-daemon Denial of Service NASL family Fedora Local Security Checks NASL id FEDORA_2009-6839.NASL description This update fixes a Denial of Service vulnerability in git-daemon. It also fixes minor issues when using git-cvsimport and the formatting of the git-daemon xinetd service description. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39509 published 2009-06-25 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39509 title Fedora 10 : git-1.6.0.6-4.fc10 (2009-6839) NASL family Fedora Local Security Checks NASL id FEDORA_2009-6936.NASL description This update fixes a Denial of Service vulnerability in git-daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39513 published 2009-06-25 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39513 title Fedora 11 : git-1.6.2.5-1.fc11 (2009-6936)
References
- http://article.gmane.org/gmane.comp.version-control.git/120733
- http://osvdb.org/55034
- http://secunia.com/advisories/35437
- http://secunia.com/advisories/35730
- http://security.gentoo.org/glsa/glsa-200907-05.xml
- http://thread.gmane.org/gmane.comp.version-control.git/120724
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:155
- http://www.openwall.com/lists/oss-security/2009/06/12/1
- http://www.securityfocus.com/bid/35338
- http://www.securitytracker.com/id?1022398
- http://www.vupen.com/english/advisories/2009/1579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51083
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html
- https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html