Reference: CERT-EU Security Advisory


Short Summary
--------------
A vulnerability in Git allows a perpetrator to execute code remotely while 
cloning or pushing repository with large filenames or a large number of nes
ted trees..
For server exploitation, perpetrator will need write access in order to pus
h remote git repository.
For client exploitation, any local user allowed to execute git client comma
nd can trigger the vulnerability by cloning a repository with large filenam
es.


CVE reference: CVE-2016-2324, CVE-2016E280912315
Affected platforms: git (client + server) < 2.7.1
Date found: 2016-03-16
Security risk: High
Vendor Status: Notified / Patch available


Systems affected
-----------------
git (client + server) < 2.7.1


Impact
-------
The successful exploitation of a vulnerable client or server allows the att
acker to execute code on the targeted system.


Solutions
----------
Upgrade to version 2.7.1


Additional References
-----------------------
https://ma.tti
as.be/remote-code-execution-git-versions-client-server-2-7-1-cve-2016-2324-
cve-2016-2315/
https://gi
t-scm.com/


CERT-EU (
http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail:

cert-eu@ec.europa.eu<mailto:cert-eu@ec.europa.eu>
<
;mailto:cert-eu@ec.europa.eu>
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383