Redmine git_http_controller.rb Arbitrary Command Execution Vulnerability
Release date:
Updated on:
Affected Systems:
Redmine
Description:
CVE (CAN) ID: CVE-2013-4663
Redmine is a web-based, cross-platform project management application written in Ruby on the Ruby on Rails (RoR) framework.
The redmine_git_hosting plug-in for Redmine contains a command injection vulnerability in git_http_controller.rb. A remote attacker can execute arbitrary commands by supplying shell metacharacters in the service parameter of an info/refs request or in the reqfile parameter of a file_exists request.
Source: Nick Blundell
Test method:
Alert
The following procedures may be offensive and are intended only for security research and teaching. Use them at your own risk!
Nick Blundell provides the following test method:
curl -k "https://redmine.demo.com/someproject.git/info/refs?service=git-%60sleep%2010%60"
Suggestion:
Vendor patch:
Redmine
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.sec-1.com/blog/2013/redmine-git-hosting-plugin-remote-command-execution
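The root cause described above is a request parameter reaching a shell command string. The following Ruby is an added illustration of the corresponding fix, not code from the redmine_git_hosting plug-in: the service name is checked against an allowlist, the requested file is confined to the repository directory, and the command is started as an argv array so no shell ever parses the input. The repository path, function names and the --stateless-rpc invocation are assumptions for the example.

```ruby
require 'open3'
require 'pathname'

# Only the two services served over smart HTTP are ever legitimate.
GIT_SERVICES = %w[git-upload-pack git-receive-pack].freeze

# Accepts the ?service= value only when it is exactly one of the allowed
# names; anything else, including backticks, ';' or '$()', is rejected
# before any command is built.
def valid_git_service?(service)
  GIT_SERVICES.include?(service.to_s)
end

# Resolves a client-supplied file name relative to the repository and
# returns the absolute path only if it stays inside repo_dir. NUL bytes
# are rejected because they truncate paths at the C level; absolute
# paths and '..' traversal end up outside the base and are rejected too.
def safe_repo_file(repo_dir, reqfile)
  return nil if reqfile.nil? || reqfile.include?("\0")
  base = Pathname.new(repo_dir).expand_path
  target = (base + reqfile).expand_path
  return nil unless target.to_s.start_with?(base.to_s + File::SEPARATOR)
  target.to_s
end

# Builds the command as an argv array. Passing an array to Open3 or
# Kernel#system bypasses /bin/sh entirely, so shell metacharacters in
# the input are never interpreted even if a check were missed.
def service_argv(service, repo_dir)
  raise ArgumentError, 'unknown git service' unless valid_git_service?(service)
  [service, '--stateless-rpc', repo_dir]
end

# Runs the validated service without a shell; returns [stdout, status].
def run_service(service, repo_dir, input)
  Open3.capture2(*service_argv(service, repo_dir), stdin_data: input)
end
```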