National Cyber Awareness System

Vulnerability Summary for CVE-2009-2108

Overview

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MLIST

Name: [fedora-security-list] 20090612 git daemon DoS

Type: Patch Information

Hyperlink:https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html

External Source: VUPEN

Name: ADV-2009-1579

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/1579

External Source: MLIST

Name: [oss-security] 20090612 Git daemon infinite loop

Type: Patch Information

Hyperlink:http://www.openwall.com/lists/oss-security/2009/06/12/1

External Source: MISC

Name: http://thread.gmane.org/gmane.comp.version-control.git/120724

Type: Patch Information

Hyperlink:http://thread.gmane.org/gmane.comp.version-control.git/120724

External Source: MISC

Name: http://article.gmane.org/gmane.comp.version-control.git/120733

Type: Patch Information

Hyperlink:http://article.gmane.org/gmane.comp.version-control.git/120733

External Source: FEDORA

Name: FEDORA-2009-6839

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html

External Source: FEDORA

Name: FEDORA-2009-6936

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html

External Source: FEDORA

Name: FEDORA-2009-6809

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html

External Source: XF

Name: gitdaemon-xinetd-dos(51083)

Hyperlink:http://xforce.iss.net/xforce/xfdb/51083

External Source: SECTRACK

Name: 1022398

Hyperlink:http://www.securitytracker.com/id?1022398

External Source: BID

Name: 35338

Hyperlink:http://www.securityfocus.com/bid/35338

External Source: MANDRIVA

Name: MDVSA-2009:155

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:155

External Source: GENTOO

Name: GLSA-200907-05

Hyperlink:http://security.gentoo.org/glsa/glsa-200907-05.xml

External Source: SECUNIA

Name: 35730

Hyperlink:http://secunia.com/advisories/35730

External Source: SECUNIA

Name: 35437

Type: Advisory

Hyperlink:http://secunia.com/advisories/35437

External Source: OSVDB

Name: 55034

Hyperlink:http://osvdb.org/55034