
The Git project is urging users to update to the latest release, Git 2.45.1, released on May 14, 2024, which addresses five vulnerabilities. The affected platforms are Windows, macOS, Linux and even *BSD, so these fixes matter to everyone!
This release was coordinated with Visual Studio and GitHub Desktop, which include a subset of Git. They are also shipping several defense-in-depth updates to fix the following bugs:
- CVE-2024-32002 (Critical, Windows & macOS): Git repositories with submodules can trick Git into executing a hook from the .git/ directory during a clone operation (git clone), leading to Remote Code Execution (RCE). A working public exploit exists for this vulnerability that allows code execution on the client.
  Vulnerability information:
  - Published: 2024-05-14
  - Base Score: 9.0 (CRITICAL)
  - Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  - Description: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

  GitHub Exploits:
  - 2024-05-23: https://github.com/JJoosh/CVE-2024-32002-
  - 2024-05-23: https://github.com/vincepsh/CVE-2024-32002-hook
  - 2024-05-23: https://github.com/vincepsh/CVE-2024-32002
  - 2024-05-22: https://github.com/WOOOOONG/hook
  - 2024-05-22: https://github.com/WOOOOONG/CVE-2024-32002
  - 2024-05-21: https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell
  - 2024-05-21: https://github.com/Roronoawjd/git_rce
  - 2024-05-21: https://github.com/Roronoawjd/hook
  - 2024-05-20: https://github.com/10cks/hook
  - 2024-05-19: https://github.com/safebuffer/CVE-2024-32002
- CVE-2024-32004 (High): an attacker can craft a local repository that executes arbitrary code when it is cloned.
- CVE-2024-32465 (High): cloning from .ZIP files that contain Git repositories can bypass protections, potentially executing unsafe hooks.
- CVE-2024-32020 (Low): local clones on the same disk can allow untrusted users to modify hardlinked files in the object database of the cloned repository.
- CVE-2024-32021 (Low): cloning a local repository with symbolic links can result in arbitrary files ending up in the "objects/" directory.
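To check a workstation or build agent against the fixed releases listed in the CVE-2024-32002 description, the following script is an added example, not code from the Git project or the original post. The function names `git_is_patched` and `check_local_git` are hypothetical, and treating series older than 2.39 as unfixed and newer than 2.45 as fixed is an assumption.

```shell
#!/bin/sh
# Added example: compare a Git version string with the fixed releases named in
# the advisory: 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 and 2.39.4.
# Caveat: distributions may backport fixes without changing the upstream
# version number, so a "vulnerable" result there needs the vendor's advisory.

# git_is_patched VERSION: exit status 0 if patched, 1 if vulnerable or unparsable.
# Accepts "2.45.1", "2.44.1.windows.1", "2.39.3 (Apple Git-146)", etc.
git_is_patched() {
    v=${1%% *}                                   # drop " (vendor build)" suffix
    case "$v" in *.*.*) ;; *) return 1 ;; esac   # need major.minor.patch
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%.*}
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    case "$minor" in                             # lowest fixed patch per series
        39) min=4 ;; 40) min=2 ;; 41) min=1 ;; 42) min=2 ;;
        43) min=4 ;; 44) min=1 ;; 45) min=1 ;;
        # Assumption: series older than 2.39 got no fix; newer ones include it.
        *)  [ "$minor" -gt 45 ]; return ;;
    esac
    [ "$patch" -ge "$min" ]
}

# Report on the locally installed git and on the core.symlinks mitigation.
check_local_git() {
    ver=$(git version | sed 's/^git version //')
    if git_is_patched "$ver"; then
        echo "OK: git $ver includes the fixes"
        return 0
    fi
    echo "VULNERABLE: git $ver predates the fixed releases, update it"
    if [ "$(git config --bool --get core.symlinks 2>/dev/null)" = "false" ]; then
        echo "  core.symlinks=false is set (CVE-2024-32002 mitigation active)"
    else
        echo "  interim mitigation: git config --global core.symlinks false"
    fi
    return 1
}

if command -v git >/dev/null 2>&1; then
    check_local_git || true    # report only; call check_local_git for a status
fi
```

Disabling symlinks is the mitigation the advisory gives for CVE-2024-32002 only; the other four issues are addressed by updating.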
More information: https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/