Date: Wed, 25 Nov 2015 16:28:18 +0100 From: Jacob Vosmaer <jacob@...lab.com> To: oss-security@...ts.openwall.com Subject: CVE request: RCE in gitlab-shell 2.6.6-2.6.7 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I would like to request one (1) CVE for the vulnerability in gitlab-shell described below. Thanks in advance. We have found a remote code execution vulnerability in gitlab-shell 2.6.6 and 2.6.7. This affects GitLab Community Edition 8.2.0 and GitLab Enterprise Edition 8.2.0. GitLab 8.1.4 and earlier versions are not affected by this vulnerability. GitLab allows users to push and pull Git data over SSH. To prevent full system access via SSH we use gitlab-shell, a program that sanitizes and validates SSH commands that run on the GitLab server to send and receive Git data. Due to a change in gitlab-shell 2.6.6-2.6.7, an attacker who has a user account on a GitLab server can bypass the sanitization in gitlab-shell and run arbitrary commands on the GitLab server. The only versions of GitLab that include a vulnerable version of gitlab-shell are GitLab Community Edition 8.2.0 and GitLab Enterprise Edition 8.2.0. If you are still running GitLab 8.1 or earlier then you are not affected by this vulnerability. As an administrator you can check your gitlab-shell version by going to gitlab.example.com/admin and looking in the upper right corner in the 'Components' section. Only gitlab-shell versions 2.6.6 and 2.6.7 are affected. If you installed GitLab 8.2.0 on your server then you should [upgrade immediately](https://about.gitlab.com/update/). This vulnerability was fixed by: https://gitlab.com/gitlab-org/gitlab-shell/commit/dacb8ec07645f254c3a2cf7d6f1d6c26b4f33dce Best regards, Jacob Vosmaer GitLab Inc. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJWVdMIAAoJEB2vXw0YK62WrOYH/3qJbQfKpEeRkKRobDQwjpXw 85NHkoeTPmneHe41KEeUrgt5YdkrZs4kjTlaAq5CgbxRgVTQdo907q4Y4O3TgmBl gnO0qJ7qATTKkZoK3h5YQUckhDXeyRIC4xYxmADefBRBKrlyWQWgh61p2rN/5/1T v3YmdDa+2DqYYhxNIUhHeIL9sF7XVhD3fOwNSZ/2w6ShgP9Zc1i6fHO0vbkU0ZX0 WpG5h8TGIuvp6BgaIBo0u0eFgC7Q3e9Wi3GWwr200GAwOqqfIQDJKpFAUbH/EVTp SGR/lwxbrspUkU8cMNEwJBs4eREBxH0cIyq1TtqZlyRYhJrqYzjhNHg1Npi7bPg= =hvt4 -----END PGP SIGNATURE----- Best regards, Jacob Vosmaer GitLab B.V.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ