SNS Vulnerability

Fedora Security Update Fixes Gitolite Directory Traversal Vulnerability

Description

A vulnerability has been identified in Fedora, which could be exploited by malicious users to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by an input validation error in Gitolite when processing admin defined commands (ADC), which could be exploited by authenticated users to conduct directory traversal attacks and execute arbitrary code.

Vulnerable Products

Vulnerable Software:
Fedora 14

Solution

Upgrade the affected package (gitolite) : http://docs.fedoraproject.org/yum/

CVE

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054250.html

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
Misc : Directory traversal - parameter starting with ../	3.2.0
Directory traversal using ..\..	3.2.0
Directory traversal	3.2.0
Directory traversal backward root folder	3.2.0

Risk level

Moderate

Vulnerability First Public Report Date

2011-02-22

Target Type

Server

Possible exploit

Local & Remote