BitKeeper Vulnerabilities
Created 1/21/03
Impact
A remote attacker could execute arbitrary commands.
Background
BitKeeper is a software configuration management system for Unix,
Linux, and Windows. It can be configured to run a web
interface on a selected port for remote usage.
The Problem
The BitKeeper daemon, when it receives a request for the
diff command in the URL, executes the
diff command in a shell without filtering
special characters from the arguments. It is therefore
possible to execute arbitrary commands by sending a
specially crafted request to the daemon. BitKeeper 3.0
is affected by this vulnerability.
BitKeeper 3.0 is also affected by a race condition which
could allow a local attacker to take control of temporary
files and, subsequently, to take control of the program.
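The unfiltered shell execution described above, as an added example that is not BitKeeper's code and not part of the original advisory: a handler that pastes request text into a shell command line, next to one that checks each argument against an allow-list and runs diff without a shell. The function names, the command format and the allow-list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (hypothetical): request text is pasted into a command
 * line and handed to /bin/sh, which interprets any metacharacters in it. */
int diff_via_shell(const char *a, const char *b)
{
    char cmd[600];
    snprintf(cmd, sizeof cmd, "diff %s %s", a, b);
    return system(cmd);
}

/* Allow-list (assumed policy): non-empty, at most 255 bytes, only
 * [A-Za-z0-9._/-], no leading '-' (option), no ".." sequence. */
int arg_is_safe(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 255 || s[0] == '-' || strstr(s, ".."))
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && !strchr("._/-", c))
            return 0;
    }
    return 1;
}

/* Hardened: validate, then exec diff directly so no shell parses the input.
 * Returns diff's exit status, or -1 if rejected or diff could not be run. */
int diff_no_shell(const char *a, const char *b)
{
    if (!arg_is_safe(a) || !arg_is_safe(b))
        return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("diff", "diff", "--", a, b, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{ return argc == 3 ? diff_no_shell(argv[1], argv[2]) : 2; }
```

Passing the arguments as separate argv entries is what removes the shell from the path; the allow-list is a second layer that also stops values from being read as diff options or as paths outside the repository.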
Resolution
Download the latest version of BitKeeper.
BitKeeper 3.0.1 was released after this vulnerability was
publicized, so it presumably contains a fix.
Where can I read more about this?
This vulnerability was posted to VulnWatch.