* Bash vulnerability (CVE-2014-6271)
@ 2014-09-24 19:27 john
0 siblings, 0 replies; only message in thread
From: john @ 2014-09-24 19:27 UTC (permalink / raw)
In case anyone hasn't seen it yet, today's Bash vulnerability
(CVE-2014-6271) [0] may affect CGit servers.
I don't believe CGit in its default configuration will cause a shell to
be executed, but if you configure a filter then you may well be causing
a shell to be executed with the environment of the cgit process, which
will include user-specified variables such as the HTTP User-Agent
header.
The example syntax-highlighting.sh, about-formatting.sh and
commit-links.sh are vulnerable if /bin/sh on your system is a vulnerable
version of Bash.
I confirmed that I can echo arbitrary content from the User-Agent header
into the response on a CGit server I run which has custom filters
installed.
[0] http://seclists.org/oss-sec/2014/q3/650
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-09-24 19:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-24 19:27 Bash vulnerability (CVE-2014-6271) john
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).