CVE-2014-9706
Published 2015-03-31
PriorityP346high7.5CVSS 2.0
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 5.03% (91.2th percentile)
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | dulwich | < dulwich 0.10.1-1 (bookworm) | dulwich 0.10.1-1 (bookworm) |
| dulwich_project | dulwich | <= 0.9.8 | — |
| dulwich_project | dulwich | >= 0 < 0.10.1-1 | 0.10.1-1 |
| dulwich_project | dulwich | >= 0 < 0.10.1-1 | 0.10.1-1 |
| dulwich_project | dulwich | >= 0 < 0.10.1-1 | 0.10.1-1 |
| dulwich_project | dulwich | >= 0 < 0.10.1-1 | 0.10.1-1 |
| dulwich_project | dulwich | >= 0 < 0.9.9 | 0.9.9 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
OSV
Dulwich Arbitrary code execution via commit with directory path starting with .git
osv · 2022-05-17 · severity CRITICAL
GHSA
Dulwich Arbitrary code execution via commit with directory path starting with .git
ghsa · 2022-05-17 · severity CRITICAL
OSV
CVE-2014-9706: The build_index_from_tree function in index
osv · 2015-03-31 · CVSS 7.5 · severity HIGH
Debian
CVE-2014-9706: dulwich - The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows re...
vendor_debian · 2014 · CVSS 7.5 · severity HIGH
Scope: local
bookworm: resolved (fixed in 0.10.1-1)
bullseye: resolved (fixed in 0.10.1-1)
forky: resolved (fixed in 0.10.1-1)
sid: resolved (fixed in 0.10.1-1)
trixie: resolved (fixed in 0.10.1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [fedora-all]
bugzilla · 2015-03-23 · CVSS 7.5 · severity HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects
Bugzilla
CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution
bugzilla · 2015-03-23 · CVSS 7.5 · severity HIGH
dulwich happily clones a repository which contains commit with invalid
paths, say .git/hooks/pre-commit, and thus allowing execution of code
on subsequent commits.
----cut---------cut---------cut---------cut---------cut---------cut-----
dummy () sid:~$ python PoC.py
dummy () sid:~$ dulwich clone PoC.git foo
Counting objects: 5, done.
Compressing objects: 100% (2/2), done.
Total 5 (delta 0), reused 5 (delta 0)
Checking out HEAD
dummy () sid:~$ cd foo/
dummy () sid:~/foo$ git commit -m "test" --allow-empty
You just got cracked! (not really but you could have been!)
[master 9588153] test
dummy () sid:~/foo$ ls -l /tmp/cracked
-rw-r--r-- 1 dummy dummy 0 Mar 21 10:24 /tmp/cracked
dummy () sid:~/foo$
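The report above shows a tree entry under `.git/hooks/` being written to disk on clone. As an added example (not dulwich's own code and not the reporter's PoC), this is the per-component validation a checkout routine needs before writing any tree entry into the work tree; the case-insensitive match, the NTFS `git~1` short-name alias and the trailing dot/space stripping are Windows-specific normalizations assumed here beyond the plain `.git/` case in the report.

```python
"""Path validation for git tree entries, in the spirit of the 0.9.9 fix.

Added illustration, not dulwich's own code: before a checkout writes a tree
entry into the work tree, every path component is checked so that a crafted
commit cannot place files under .git/ (e.g. .git/hooks/pre-commit) or escape
the work tree.
"""


def _normalize_element(element: bytes) -> bytes:
    # Windows/NTFS ignores trailing dots and spaces in names, so ".git." or
    # ".git " would still open the metadata directory; strip them first.
    return element.lower().rstrip(b". ")


def is_git_metadata_element(element: bytes) -> bool:
    """True if one path component would resolve to the .git directory.

    Git treats the name case-insensitively, and on NTFS the 8.3 short name
    "git~1" aliases ".git", so both spellings are refused.
    """
    return _normalize_element(element) in (b".git", b"git~1")


def validate_tree_path(path: bytes) -> bool:
    """Return True if a tree entry path is safe to write under the work tree."""
    if not path or path.startswith(b"/") or b"\0" in path or b"\\" in path:
        return False
    for element in path.split(b"/"):
        if element in (b"", b".", b".."):  # empty, current or parent dir
            return False
        if is_git_metadata_element(element):
            return False
    return True


def partition_tree_entries(paths):
    """Split candidate tree paths into (accepted, rejected) lists.

    A checkout built on this writes only the accepted paths; the rejected
    ones are exactly the entries the unpatched code wrote into .git/.
    """
    accepted, rejected = [], []
    for p in paths:
        (accepted if validate_tree_path(p) else rejected).append(p)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample of tree paths, including the hook path from the report.
    sample = [b"README", b".gitignore", b"src/main.py",
              b".git/hooks/pre-commit", b".GIT/config", b"git~1/HEAD",
              b"lib/.git./config", b"../outside"]
    ok, bad = partition_tree_entries(sample)
    print("would write:", ok)
    print("refused:", bad)
```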
Bugzilla
CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [epel-all]
bugzilla · 2015-03-23 · CVSS 7.5 · severity HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affec
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154551.html
http://www.debian.org/security/2015/dsa-3206
http://www.openwall.com/lists/oss-security/2015/03/21/1
http://www.openwall.com/lists/oss-security/2015/03/22/26
https://git.samba.org/?p=jelmer/dulwich.git%3Ba=commitdiff%3Bh=091638be3c89f46f42c3b1d57dc1504af5729176
https://lists.launchpad.net/dulwich-users/msg00827.html