Security Bulletin: Security vulnerability with Eclipse Git Team Provider affects Rational Application Developer (CVE-2014-9390)

Created by Cesar Ivan Oro… on
Published URL:
https://www.ibm.com/support/pages/node/523857

Security Bulletin


Summary

This vulnerability affects users on Windows and Mac OS X but not typical UNIX users. Even though the issue may not affect Linux users, if you are a hosting service whose users may fetch from your service to Windows or Mac OS X machines, you are strongly encouraged to update to protect such users who use existing versions of Git.

Vulnerability Details

CVEID: CVE-2014-9390

Description: A specifically crafted commit containing a malicious tree that is pushed to a Git repository could cause executable files within the .git/hooks/ folder to arbitrarily run on a client machine when checked out.
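The summary above singles out hosting services whose users fetch to Windows or Mac OS X machines. The reason those platforms are exposed is that their default filesystems compare file names case-insensitively, so a tree entry spelled ".Git" or ".GIT" is written into the real ".git" directory on checkout, and anything placed under its hooks/ subdirectory runs at the next hook point. The following is an added example, not IBM's or the Eclipse Git Team Provider's code: a small server-side check a hosting service could run from a pre-receive hook to reject pushes whose trees contain such paths. It assumes the path list has already been collected from the pushed commits (for example with `git ls-tree -r --name-only <commit>`) and decoded as UTF-8; the sample tree below is constructed for illustration.

```python
"""Detect paths in an incoming Git tree that would collide with the .git
directory on a case-insensitive filesystem (Windows, Mac OS X).

Added example for a server-side pre-receive check; not IBM's or EGit's code.
Input is assumed to be the list of paths from the pushed tree, e.g. the
output of `git ls-tree -r --name-only <commit>` decoded as UTF-8.
"""

from typing import Dict, List, Optional, Tuple


def _folds_to_git_dir(component: str) -> bool:
    # Windows and Mac OS X default filesystems compare names
    # case-insensitively, so ".Git", ".GIT", ".gIt" ... all resolve to the
    # real ".git".  casefold() is the Unicode-aware form of lower().
    return component.casefold() == ".git"


def classify_path(path: str) -> Optional[str]:
    """Return "hooks" if the path would land in .git/hooks/, "git-dir" if it
    would land anywhere else under .git/, or None if it is harmless."""
    parts = path.split("/")
    for i, part in enumerate(parts):
        if _folds_to_git_dir(part):
            # "hooks" must be a directory component, not the file itself
            if i + 1 < len(parts) - 1 and parts[i + 1].casefold() == "hooks":
                return "hooks"
            return "git-dir"
    return None


def audit_tree(paths: List[str]) -> Dict[str, str]:
    """Map each offending path to its classification; an empty dict means
    this check found nothing to reject."""
    findings = {}
    for p in paths:
        verdict = classify_path(p)
        if verdict:
            findings[p] = verdict
    return findings


def pre_receive_verdict(paths: List[str]) -> Tuple[bool, str]:
    """Return (accept, message) for a pre-receive hook: print the message
    and exit non-zero to reject the push."""
    findings = audit_tree(paths)
    if not findings:
        return True, "ok"
    lines = [
        f"rejected: {p} resolves to .git/ on a case-insensitive filesystem ({why})"
        for p, why in findings.items()
    ]
    return False, "\n".join(lines)


# Constructed sample tree standing in for `git ls-tree -r --name-only` output.
# The first four entries are ordinary; the last two are what this check is for.
SAMPLE_TREE = [
    "README.md",
    "src/main.c",
    ".gitignore",            # starts with ".git" but is a different name
    "vendor/lib/.GITKEEP",   # likewise, ".gitkeep" is not ".git"
    ".Git/hooks/post-checkout",
    "modules/.GIT/config",
]

if __name__ == "__main__":
    accept, msg = pre_receive_verdict(SAMPLE_TREE)
    print(msg)
    raise SystemExit(0 if accept else 1)
```

A real hook has to run this over every commit reachable from the new ref tip that the server has not seen before (`git rev-list <old>..<new>`), not only the tip, since a client can check out any of them. The check is a stop-gap for a hosting service; it does not replace the APAR fix for the Eclipse Git Team Provider on the client side, which is the remediation this bulletin provides.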

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

Rational Application Developer 9.1, 9.1.0.1, and 9.1.1.

Remediation/Fixes

Update the Eclipse Git Team Provider in the product to address this vulnerability:

Product | VRMF | APAR | Remediation/First Fix
Rational Application Developer | 9.1, 9.1.0.1, 9.1.1 | PI32087 |

Workarounds and Mitigations

None

References

Acknowledgement

None

Change History

* 20 January 2015: Original copy published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only

PSIRT 2613, Record 47781

Document Information

Modified date:
04 February 2020

UID

swg21694391