PT-2013-1195 · Git+3
Jan Lieskovsky · Published 2013-03-04 · Updated 2021-01-26 · CVE-2013-0308
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
git versions 1.7.1
git-all versions 1.7.1
git-cvs versions 1.7.1
git-daemon versions 1.7.1
git-debuginfo versions 1.7.1
git-email versions 1.7.1
git-gui versions 1.7.1
git-svn versions 1.7.1
git-web versions 1.7.1
gitk versions 1.7.1
Description
This issue affects the git package and its components and can compromise the integrity of protected information; it is remotely exploitable. The imap-send command in Git before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
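The missing check, sketched as an added example (not Git's code and not its fix): a simplified hostname match against subjectAltName dNSName entries with a Common Name fallback. The function names and sample certificates are constructed for illustration; the dict layout follows what Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added illustration of the check CVE-2013-0308 says was missing.
# Simplified matching rules; production clients should rely on the TLS
# library's built-in hostname verification instead of custom code.

def name_matches(pattern, hostname):
    """Compare one certificate DNS name to the requested hostname.
    A wildcard is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard so "*.org" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """Names the certificate is valid for: SAN dNSName entries if any
    exist, otherwise the subject Common Name(s)."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san  # CN is ignored once dNSName entries are present
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def hostname_matches(cert, hostname):
    """True only if the certificate was issued for the host we dialled."""
    return any(name_matches(n, hostname) for n in cert_names(cert))

# Constructed sample certificates (not taken from any real server).
CERT_MAIL = {"subject": ((("commonName", "imap.example.org"),),),
             "subjectAltName": (("DNS", "imap.example.org"),)}
# CA-signed and otherwise valid, but issued for a different host: the
# kind of certificate an unverifying client would accept.
CERT_OTHER = {"subject": ((("commonName", "other.example.net"),),),
              "subjectAltName": (("DNS", "other.example.net"),)}
CERT_WILD = {"subject": ((("commonName", "example.org"),),),
             "subjectAltName": (("DNS", "*.example.org"),)}
CERT_CN_ONLY = {"subject": ((("commonName", "imap.example.org"),),)}
# CN names the target host, but the SAN list does not.
CERT_CN_SHADOWED = {"subject": ((("commonName", "imap.example.org"),),),
                    "subjectAltName": (("DNS", "other.example.net"),)}

if __name__ == "__main__":
    for label, cert in [("mail", CERT_MAIL), ("other", CERT_OTHER)]:
        print(label, hostname_matches(cert, "imap.example.org"))
```

A client that validates only the certificate chain treats `CERT_MAIL` and `CERT_OTHER` identically; the hostname comparison is what tells them apart.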
Recommendations
For git versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-all versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-cvs versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-daemon versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-debuginfo versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-email versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-gui versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-svn versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For git-web versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
For gitk versions 1.7.1, update to a version later than 1.8.1.4 to resolve the issue.
Fix
RCE
Affected Products
Centos
Red Hat
Suse
Git