CVE-2011-1572 Information

Description

Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.

Reference

http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1
http://seclists.org/oss-sec/2011/q2/197
http://seclists.org/oss-sec/2011/q2/209
http://www.debian.org/security/2011/dsa-2215
http://www.securityfocus.com/bid/46473
https://bugzilla.redhat.com/show_bug.cgi?id=695568
https://exchange.xforce.ibmcloud.com/vulnerabilities/65542
https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc
