CVE-2010-2542 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Git-scm	Git

Configuration 1 [-]

cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://secunia.com/advisories/43457
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt
http://www.openwall.com/lists/oss-security/2010/07/22/1
http://www.openwall.com/lists/oss-security/2010/07/22/4
http://www.securityfocus.com/bid/41891
http://www.vupen.com/english/advisories/2011/0464
https://bugzilla.redhat.com/show_bug.cgi?id=618108
https://nvd.nist.gov/vuln/detail/CVE-2010-2542
https://www.cve.org/CVERecord?id=CVE-2010-2542

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-08-11T18:00:00

Updated: 2024-08-07T02:39:37.663Z

Reserved: 2010-06-30T00:00:00

Link: CVE-2010-2542

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-08-11T18:47:50.687

Modified: 2024-11-21T01:16:52.307

Link: CVE-2010-2542

Redhat

Severity : Low

Publid Date: 2010-07-20T00:00:00Z

Links: CVE-2010-2542 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-21T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-03-01T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "43457", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43457"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618108"}, {"name": "[oss-security] 20100722 Re: CVE request: git", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt"}, {"name": "SUSE-SR:2011:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"}, {"name": "[oss-security] 20100721 CVE request: git", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/1"}, {"name": "ADV-2011-0464", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0464"}, {"name": "41891", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/41891"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:39:37.663Z"}, "title": "CVE Program Container", "references": [{"name": "43457", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43457"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618108"}, {"name": "[oss-security] 20100722 Re: CVE request: git", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt"}, {"name": "SUSE-SR:2011:004", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"}, {"name": "[oss-security] 20100721 CVE request: git", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/1"}, {"name": "ADV-2011-0464", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0464"}, {"name": "41891", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/41891"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2542", "datePublished": "2010-08-11T18:00:00", "dateReserved": "2010-06-30T00:00:00", "dateUpdated": "2024-08-07T02:39:37.663Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", "matchCriteriaId": "49093783-9DC6-439F-88A0-133509B2D762", "versionEndExcluding": "1.7.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n is_git_directory en setup.c en Git anterior v1.7.2.1 permite a usuarios locales obtener privilegios a trav\u00e9s de un gitdir grande: campo en un fichero .git en una acci\u00f3n copia. \r\n\r\n"}], "id": "CVE-2010-2542", "lastModified": "2024-11-21T01:16:52.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-08-11T18:47:50.687", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43457"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/41891"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0464"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=git/git.git%3Ba=commit%3Bh=3c9d0414ed2db0167e6c828b547be8fc9f88fccc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/07/22/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/41891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2011/0464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618108"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}