BID:25618

QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability

Info

QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability

Bugtraq ID:	25618
Class:	Design Error
CVE:	CVE-2007-4631
Remote:	No
Local:	Yes
Published:	Sep 10 2007 12:00AM
Updated:	Oct 09 2007 07:38PM
Credit:	Raphael Marichez is credited with the discovery of this vulnerability.
Vulnerable:	QGit QGit 1.5.6 QGit QGit 1.5.5 QGit QGit 1.5.4 QGit QGit 1.5.3 QGit QGit 1.5.2 QGit QGit 1.5.1 Gentoo Linux

Not Vulnerable:	QGit QGit 1.5.7

Discussion

QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability

QGit is prone to a local privilege-escalation vulnerability because the application handles temporary files in an insecure manner.

An attacker can exploit this issue overwrite files and to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to QGit 1.5.7 are vulnerable.

Exploit / POC

QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability

An exploit is not required to leverage this issue. An attacker merely has to gain local interactive access and construct a malicious symlink file.

Solution / Fix

QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability

Solution:
The vendor has released QGit 1.5.7 to address this issue. Please see the references for more information.

QGit QGit 1.5.1

Cuyahoga qgit-2.0rc2.tar.bz2
http://downloads.sourceforge.net/qgit/qgit-2.0rc2.tar.bz2?modtime=1185 277392&big_mirror=0

QGit QGit 1.5.2

Cuyahoga qgit-2.0rc2.tar.bz2
http://downloads.sourceforge.net/qgit/qgit-2.0rc2.tar.bz2?modtime=1185 277392&big_mirror=0

QGit QGit 1.5.3

Cuyahoga qgit-2.0rc2.tar.bz2
http://downloads.sourceforge.net/qgit/qgit-2.0rc2.tar.bz2?modtime=1185 277392&big_mirror=0

QGit QGit 1.5.4

Cuyahoga qgit-2.0rc2.tar.bz2
http://downloads.sourceforge.net/qgit/qgit-2.0rc2.tar.bz2?modtime=1185 277392&big_mirror=0

QGit QGit 1.5.5

Cuyahoga qgit-2.0rc2.tar.bz2
http://downloads.sourceforge.net/qgit/qgit-2.0rc2.tar.bz2?modtime=1185 277392&big_mirror=0

QGit QGit 1.5.6

Cuyahoga qgit-2.0rc2.tar.bz2
http://downloads.sourceforge.net/qgit/qgit-2.0rc2.tar.bz2?modtime=1185 277392&big_mirror=0

References

QGit DataLoader::doStart Function Local Privilege Escalation Vulnerability

References: