OSVDB ID: 86152

Title: gitolite Action Handling Traversal Local Privilege Escalation

Dates

Disclosure: Oct 09, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Oct 09, 2012

Description

gitolite contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal sequences (e.g., ../../). This directory traversal flaw would allow a local attacker who is able to create arbitrary files in /tmp, or who has their own user ID on the same system, to gain escalated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required, Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.

Products

Sitaram Chamarty: gitolite 3.x

References

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86152