ID

VAR-202002-0749


CVE

CVE-2014-9390


TITLE

Remote for multiple products Git Vulnerability to execute arbitrary command on server

Trust: 0.8

sources: JVNDB: JVNDB-2014-008933

DESCRIPTION

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. Remote for multiple products Git The server is vulnerable to the execution of arbitrary commands. ..(1) Negligible Unicode Code point, (2) git~1/config Expression, or (3) Cleverly crafted with mixed cases that are improperly processed on case-insensitive filesystems .git/config Arbitrary commands can be executed through the tree containing the files. Git is prone to a vulnerability that may allow attackers to overwrite arbitrary local files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. libgit2 and so on are all products. libgit2 is a portable Git core development package implemented in C language. Apple Xcode, etc. are all products of Apple (Apple). Apple Xcode is an integrated development environment provided to developers, Matt Mackall Mercurial, etc. are all products of Matt Mackall (Matt Mackall) software developers. An input validation error vulnerability exists in several products. The vulnerability stems from the failure of the network system or product to properly validate the input data. Background ========== Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201612-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mercurial: Multiple vulnerabilities Date: December 07, 2016 Bugs: #533008, #544332, #578546, #582238 ID: 201612-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Background ========== Mercurial is a distributed source control management system. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-vcs/mercurial < 3.8.4 >= 3.8.4 Description =========== Multiple vulnerabilities have been discovered in Mercurial. Please review the CVE identifier and bug reports referenced for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process. Workaround ========== There is no known workaround at this time. Resolution ========== All mercurial users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/mercurial-3.8.4" References ========== [ 1 ] CVE-2014-9390 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9390 [ 2 ] CVE-2014-9462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9462 [ 3 ] CVE-2016-3068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3068 [ 4 ] CVE-2016-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3069 [ 5 ] CVE-2016-3105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3105 [ 6 ] CVE-2016-3630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3630 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-19 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:169 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : git Date : March 30, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated git packages fix security vulnerability: It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a git pull. Because git permitted committing .Git/config (or any case variation), on the pull this would replace the user&#039;s .git/config. If this malicious config file contained defined external commands (such as for invoking and editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client (CVE-2014-9390). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390 http://advisories.mageia.org/MGASA-2014-0546.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: ef3f480ca48a2a9611bd11fa8a045892 mbs2/x86_64/git-1.8.5.6-1.mbs2.x86_64.rpm efd3deae08fd17b80008bd3dc881d1f7 mbs2/x86_64/git-arch-1.8.5.6-1.mbs2.x86_64.rpm c60432719a43e70eb929c1c75c93fdda mbs2/x86_64/git-core-1.8.5.6-1.mbs2.x86_64.rpm 10fb62c0748447bd1b960789125e8d1b mbs2/x86_64/git-core-oldies-1.8.5.6-1.mbs2.x86_64.rpm dafec670f61de3e9942a97377b604859 mbs2/x86_64/git-cvs-1.8.5.6-1.mbs2.x86_64.rpm 879edb749813e5e175e90c88d2188eb9 mbs2/x86_64/git-email-1.8.5.6-1.mbs2.x86_64.rpm 1261450cb657453cd10a055301e42e01 mbs2/x86_64/gitk-1.8.5.6-1.mbs2.x86_64.rpm 8b4e493293c55a955e439233ae55ec99 mbs2/x86_64/git-prompt-1.8.5.6-1.mbs2.x86_64.rpm 2a4694ce47fe835f532cd7acc734e7b3 mbs2/x86_64/git-svn-1.8.5.6-1.mbs2.x86_64.rpm 39c2ff102bf754a4ca9a6d9d70fbc79c mbs2/x86_64/gitview-1.8.5.6-1.mbs2.x86_64.rpm 35bb63e42cfe602a24ae790fe3ddbd54 mbs2/x86_64/gitweb-1.8.5.6-1.mbs2.x86_64.rpm d464e9766d38928a7fe9510382356724 mbs2/x86_64/lib64git-devel-1.8.5.6-1.mbs2.x86_64.rpm 644c0f388c821f9192485494ac3199d5 mbs2/x86_64/perl-Git-1.8.5.6-1.mbs2.x86_64.rpm 261134d774a1b833817d8855214a9412 mbs2/SRPMS/git-1.8.5.6-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVGPUcmqjQ0CJFipgRAh4wAKDuznNiViTa2PaV8idvg0tSlPIzMACg7AqX AknCsk/2slzIzxNpACLxeDI= =Vdej -----END PGP SIGNATURE----- . Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-2470-1 January 14, 2015 git vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Git could be made to run programs as your login if it received specially crafted changes from a remote repository. Software Description: - git: fast, scalable, distributed revision control system Details: Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. The remote attacker would need write access to a Git repository that the victim pulls from. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: git 1:2.1.0-1ubuntu0.1 Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.1 Ubuntu 12.04 LTS: git 1:1.7.9.5-1ubuntu0.1 After a standard system update you need to set the core.protectHFS and/or core.protectNTFS Git configuration variables to "true" if you store Git trees in HFS+ and/or NTFS filesystems. If you host Git trees, setting the core.protectHFS, core.protectNTFS, and receive.fsckObjects Git configuration variables to "true" will cause your Git server to reject objects containing malicious paths intended to overwrite the Git metadata. References: http://www.ubuntu.com/usn/usn-2470-1 CVE-2014-9390 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.1.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-4 Xcode 6.2 Xcode 6.2 is now available and addresses the following: subversion Available for: OS X Mavericks v10.9.4 or later Impact: Multiple vulnerabilities in Apache Subversion Description: Multiple vulnerabilities existed in Apache Subversion, the most serious of which may have allowed an attacker with a privileged position to spoof SSL servers via a crafted certificate. These issues were addressed by updating Apache Subversion to version 1.7.19. CVE-ID CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .git folder Description: The checks involved in disallowed paths did not account for case insensitivity or unicode characters. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "6.2"

Trust: 2.61

sources: NVD: CVE-2014-9390 // JVNDB: JVNDB-2014-008933 // BID: 71732 // VULHUB: VHN-77335 // VULMON: CVE-2014-9390 // PACKETSTORM: 129677 // PACKETSTORM: 133704 // PACKETSTORM: 140059 // PACKETSTORM: 131193 // PACKETSTORM: 129939 // PACKETSTORM: 130744

AFFECTED PRODUCTS

vendor:git scmmodel:gitscope:gteversion:2.1.0

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.2.1

Trust: 1.0

vendor:applemodel:xcodescope:eqversion:6.2

Trust: 1.0

vendor:eclipsemodel:egitscope:ltversion:08-12-2014

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.0.5

Trust: 1.0

vendor:applemodel:xcodescope:lteversion:6.1.1

Trust: 1.0

vendor:libgit2model:libgit2scope:ltversion:0.21.3

Trust: 1.0

vendor:eclipsemodel:jgitscope:ltversion:3.4.2

Trust: 1.0

vendor:eclipsemodel:jgitscope:ltversion:3.5.3

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:1.9.0

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.0.0

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:1.9.5

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.1.4

Trust: 1.0

vendor:mercurialmodel:mercurialscope:ltversion:3.2.3

Trust: 1.0

vendor:eclipsemodel:jgitscope:gteversion:3.5.0

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.2.0

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:1.8.5.6

Trust: 1.0

vendor:eclipsemodel:egitscope: - version: -

Trust: 0.8

vendor:eclipsemodel:jgitscope: - version: -

Trust: 0.8

vendor:git scmmodel:gitscope:eqversion:1.8.5.6

Trust: 0.8

vendor:git scmmodel:gitscope:eqversion:1.9.5

Trust: 0.8

vendor:git scmmodel:gitscope:eqversion:2.0.5

Trust: 0.8

vendor:git scmmodel:gitscope:eqversion:2.1.4

Trust: 0.8

vendor:git scmmodel:gitscope:eqversion:2.2.1

Trust: 0.8

vendor:libgit2model:libgit2scope: - version: -

Trust: 0.8

vendor:mercurialmodel:mercurialscope:eqversion:3.2.3

Trust: 0.8

vendor:applemodel:xcodescope:eqversion:6.2 beta 3

Trust: 0.8

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.0

Trust: 0.3

sources: BID: 71732 // JVNDB: JVNDB-2014-008933 // NVD: CVE-2014-9390

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9390
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2014-008933
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201412-509
value: CRITICAL

Trust: 0.6

VULHUB: VHN-77335
value: HIGH

Trust: 0.1

VULMON: CVE-2014-9390
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9390
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2014-008933
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-77335
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9390
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2014-008933
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-77335 // VULMON: CVE-2014-9390 // JVNDB: JVNDB-2014-008933 // CNNVD: CNNVD-201412-509 // NVD: CVE-2014-9390

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-77335 // JVNDB: JVNDB-2014-008933 // NVD: CVE-2014-9390

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 140059 // PACKETSTORM: 129939 // CNNVD: CNNVD-201412-509

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 71732 // CNNVD: CNNVD-201412-509

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008933

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-77335

PATCH

title:HT204147url:https://support.apple.com/en-us/HT204147

Trust: 0.8

title:HT204147url:https://support.apple.com/ja-jp/HT204147

Trust: 0.8

title:EGiturl:https://www.eclipse.org/egit/

Trust: 0.8

title:JGiturl:https://www.eclipse.org/jgit/

Trust: 0.8

title:Git 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 and thanking friends in Mercurial landurl:https://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html

Trust: 0.8

title:Top Pageurl:https://libgit2.org/

Trust: 0.8

title:Release Notesurl:http://mercurial.selenic.com/wiki/WhatsNew

Trust: 0.8

title:Git Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108063

Trust: 0.6

title:Debian CVElist Bug Report Logs: CVE-2014-9390: Errors in handling case-sensitive directories allow for remote code execution on pullurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=3d261960ef416477512c63345482cde6

Trust: 0.1

title:Ubuntu Security Notice: git vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2470-1

Trust: 0.1

title:Debian Security Advisories: DSA-3257-1 mercurial -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ff84582761ae814b21d648e3e5695a92

Trust: 0.1

title:Debian CVElist Bug Report Logs: dulwich: CVE-2015-0838: buffer overflow in C implementation of pack apply_delta()url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=924c567b0c5bfcb8fd430e33e12ece5c

Trust: 0.1

title:Debian CVElist Bug Report Logs: mercurial: CVE-2014-9462: command injection via sshpeer._validaterepo()url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a8fb7f02161f50bfff0ab70ff4eee61e

Trust: 0.1

title:Debian CVElist Bug Report Logs: dulwich: CVE-2014-9706: does not prevent to write files in commits with invalid paths to working treeurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d965cc1cf23195b4ff589e7cb23233d5

Trust: 0.1

title:Apple: Xcode 6.2url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=28f88d65a83ee45368f37221b1b4ea8f

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f

Trust: 0.1

title:git_osx_installerurl:https://github.com/timcharper/git_osx_installer

Trust: 0.1

title:CVE-2014-9390url:https://github.com/mmetince/CVE-2014-9390

Trust: 0.1

sources: VULMON: CVE-2014-9390 // JVNDB: JVNDB-2014-008933 // CNNVD: CNNVD-201412-509

EXTERNAL IDS

db:NVDid:CVE-2014-9390

Trust: 3.5

db:SECTRACKid:1031404

Trust: 1.7

db:JVNDBid:JVNDB-2014-008933

Trust: 0.8

db:CNNVDid:CNNVD-201412-509

Trust: 0.7

db:BIDid:71732

Trust: 0.4

db:PACKETSTORMid:131193

Trust: 0.2

db:PACKETSTORMid:129677

Trust: 0.2

db:PACKETSTORMid:133704

Trust: 0.2

db:PACKETSTORMid:140059

Trust: 0.2

db:PACKETSTORMid:129939

Trust: 0.2

db:PACKETSTORMid:129784

Trust: 0.1

db:VULHUBid:VHN-77335

Trust: 0.1

db:VULMONid:CVE-2014-9390

Trust: 0.1

db:PACKETSTORMid:130744

Trust: 0.1

sources: VULHUB: VHN-77335 // VULMON: CVE-2014-9390 // BID: 71732 // JVNDB: JVNDB-2014-008933 // PACKETSTORM: 129677 // PACKETSTORM: 133704 // PACKETSTORM: 140059 // PACKETSTORM: 131193 // PACKETSTORM: 129939 // PACKETSTORM: 130744 // CNNVD: CNNVD-201412-509 // NVD: CVE-2014-9390

REFERENCES

url:https://github.com/blog/1938-git-client-vulnerability-announced

Trust: 2.6

url:https://news.ycombinator.com/item?id=8769667

Trust: 2.6

url:http://article.gmane.org/gmane.linux.kernel/1853266

Trust: 1.8

url:http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html

Trust: 1.8

url:http://mercurial.selenic.com/wiki/whatsnew

Trust: 1.8

url:http://securitytracker.com/id?1031404

Trust: 1.8

url:http://support.apple.com/kb/ht204147

Trust: 1.8

url:https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915

Trust: 1.8

url:https://libgit2.org/security/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-9390

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9390

Trust: 0.9

url:http://git.or.cz/

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://developer.apple.com/xcode/downloads/

Trust: 0.2

url:https://support.apple.com/kb/ht1222

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:https://security.gentoo.org/

Trust: 0.2

url:https://bugs.gentoo.org.

Trust: 0.2

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9390

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/timcharper/git_osx_installer

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36837

Trust: 0.1

url:https://usn.ubuntu.com/2470-1/

Trust: 0.1

url:https://security.gentoo.org/glsa/201509-06

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9462

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3069

Trust: 0.1

url:https://security.gentoo.org/glsa/201612-19

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3105

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3069

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3630

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3105

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3630

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9462

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0546.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:1.9.1-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.1.0-1ubuntu0.1

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2470-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:1.7.9.5-1ubuntu0.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3528

Trust: 0.1

sources: VULHUB: VHN-77335 // VULMON: CVE-2014-9390 // BID: 71732 // JVNDB: JVNDB-2014-008933 // PACKETSTORM: 129677 // PACKETSTORM: 133704 // PACKETSTORM: 140059 // PACKETSTORM: 131193 // PACKETSTORM: 129939 // PACKETSTORM: 130744 // CNNVD: CNNVD-201412-509 // NVD: CVE-2014-9390

CREDITS

Matt Mackall and Augie Fackler

Trust: 0.9

sources: BID: 71732 // CNNVD: CNNVD-201412-509

SOURCES

db:VULHUBid:VHN-77335
db:VULMONid:CVE-2014-9390
db:BIDid:71732
db:JVNDBid:JVNDB-2014-008933
db:PACKETSTORMid:129677
db:PACKETSTORMid:133704
db:PACKETSTORMid:140059
db:PACKETSTORMid:131193
db:PACKETSTORMid:129939
db:PACKETSTORMid:130744
db:CNNVDid:CNNVD-201412-509
db:NVDid:CVE-2014-9390

LAST UPDATE DATE

2024-11-20T21:26:19.183000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-77335date:2020-09-09T00:00:00
db:VULMONid:CVE-2014-9390date:2021-05-17T00:00:00
db:BIDid:71732date:2015-10-26T16:46:00
db:JVNDBid:JVNDB-2014-008933date:2020-03-09T00:00:00
db:CNNVDid:CNNVD-201412-509date:2021-07-09T00:00:00
db:NVDid:CVE-2014-9390date:2021-05-17T19:54:37.887

SOURCES RELEASE DATE

db:VULHUBid:VHN-77335date:2020-02-12T00:00:00
db:VULMONid:CVE-2014-9390date:2020-02-12T00:00:00
db:BIDid:71732date:2014-12-19T00:00:00
db:JVNDBid:JVNDB-2014-008933date:2020-03-09T00:00:00
db:PACKETSTORMid:129677date:2014-12-20T01:29:10
db:PACKETSTORMid:133704date:2015-09-25T06:55:36
db:PACKETSTORMid:140059date:2016-12-07T16:38:00
db:PACKETSTORMid:131193date:2015-03-31T15:43:41
db:PACKETSTORMid:129939date:2015-01-14T03:52:44
db:PACKETSTORMid:130744date:2015-03-10T16:22:37
db:CNNVDid:CNNVD-201412-509date:2014-12-25T00:00:00
db:NVDid:CVE-2014-9390date:2020-02-12T02:15:10.963