Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 25 Nov 2015 16:28:18 +0100
From: Jacob Vosmaer <jacob@...lab.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: RCE in gitlab-shell 2.6.6-2.6.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I would like to request one (1) CVE for the vulnerability in
gitlab-shell described below. Thanks in advance.

We have found a remote code execution vulnerability in gitlab-shell
2.6.6 and 2.6.7. This affects GitLab Community Edition 8.2.0 and
GitLab Enterprise Edition 8.2.0. GitLab 8.1.4 and earlier versions
are not affected by this vulnerability.

GitLab allows users to push and pull Git data over SSH. To prevent
full system access via SSH we use gitlab-shell, a program that
sanitizes and validates SSH commands that run on the GitLab server
to send and receive Git data. Due to a change in gitlab-shell
2.6.6-2.6.7, an attacker who has a user account on a GitLab server
can bypass the sanitization in gitlab-shell and run arbitrary
commands on the GitLab server.

The only versions of GitLab that include a vulnerable version of
gitlab-shell  are GitLab Community Edition 8.2.0 and GitLab Enterprise
Edition 8.2.0. If you are still running GitLab 8.1 or earlier then
you are not affected by this vulnerability.  As an administrator
you can check your gitlab-shell version by going to
gitlab.example.com/admin and looking in the upper right corner in
the 'Components' section. Only gitlab-shell versions 2.6.6 and 2.6.7
are affected.

If you installed GitLab 8.2.0 on your server then you should  [upgrade
immediately](https://about.gitlab.com/update/).

This vulnerability was fixed by:
https://gitlab.com/gitlab-org/gitlab-shell/commit/dacb8ec07645f254c3a2cf7d6f1d6c26b4f33dce

Best regards,

Jacob Vosmaer
GitLab Inc.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJWVdMIAAoJEB2vXw0YK62WrOYH/3qJbQfKpEeRkKRobDQwjpXw
85NHkoeTPmneHe41KEeUrgt5YdkrZs4kjTlaAq5CgbxRgVTQdo907q4Y4O3TgmBl
gnO0qJ7qATTKkZoK3h5YQUckhDXeyRIC4xYxmADefBRBKrlyWQWgh61p2rN/5/1T
v3YmdDa+2DqYYhxNIUhHeIL9sF7XVhD3fOwNSZ/2w6ShgP9Zc1i6fHO0vbkU0ZX0
WpG5h8TGIuvp6BgaIBo0u0eFgC7Q3e9Wi3GWwr200GAwOqqfIQDJKpFAUbH/EVTp
SGR/lwxbrspUkU8cMNEwJBs4eREBxH0cIyq1TtqZlyRYhJrqYzjhNHg1Npi7bPg=
=hvt4
-----END PGP SIGNATURE-----

Best regards,

Jacob Vosmaer
GitLab B.V.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ