CVE-2010-2542

Name of the Vulnerable Software and Affected Versions Git versions prior to 1.7.2.1 git-email (affected versions not specified) gitk (affected versions not specified) git-svn (affected versions not specified) git-arch (affected versions not specified) gitweb (affected versions not specified) git-cvs (affected versions not specified) git-gui (affected versions not specified) git-doc (affected versions not specified) git-core (affected versions not specified) git-daemon-run (affected versions not specified)

Description The issue involves multiple vulnerabilities in various Git packages for Debian GNU/Linux, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability in Git before version 1.7.2.1 involves a stack-based buffer overflow in the is git directory function, allowing local users to gain privileges via a long gitdir: field in a .git file in a working copy.

Recommendations For Git versions prior to 1.7.2.1, update to version 1.7.2.1 or later to resolve the issue. For git-email, consider disabling the package until a patch is available. For gitk, restrict access to the package to minimize the risk of exploitation. For git-svn, avoid using the package in sensitive operations until the issue is resolved. For git-arch, consider removing the package if it is not essential to operations. For gitweb, restrict access to the web interface to minimize the risk of exploitation. For git-cvs, consider disabling the package until a patch is available. For git-gui, restrict access to the GUI to minimize the risk of exploitation. For git-doc, consider removing the package if it is not essential to operations. For git-core, update the package to the latest version available. For git-daemon-run, restrict access to the daemon to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability in the other packages.