Impact
This vulnerability lets Git for Windows' installer execute a binary placed into C:\mingw64\bin\git.exe by mistake (or intent). This only happens upon a fresh install, not when upgrading Git for Windows.
Patches
Included in v2.37.1
Workarounds
Create the C:\mingw64 folder and remove read/write access from this folder:
mkdir C:\mingw64
icacls C:\mingw64 /inheritance:r
Alternatively, disallow arbitrary authenticated users to create folders in C:\ (open the Properties of C:\, go to the Security tab and then click Advanced, then remove the Special Permission to create folders for authenticated users).
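The following PowerShell script is an added example, not part of the advisory: it audits whether the pre-condition for the first workaround (C:\mingw64 not yet existing and writable by ordinary users) and the second (Authenticated Users able to create folders under C:\) are present, then applies the first workaround with the same effect as the mkdir/icacls commands above. It assumes the installer's default location C:\mingw64 named in the advisory and must be run from an elevated prompt.

```powershell
# Added example (not from the advisory). Assumes the default path C:\mingw64.
$Root   = 'C:\'
$Target = 'C:\mingw64'

# 1. Does the directory already exist? If so, list who has access to it,
#    since a pre-existing, user-writable C:\mingw64 is what the installer trusts.
if (Test-Path -LiteralPath $Target) {
    Write-Host "$Target exists; current access entries:"
    (Get-Acl -LiteralPath $Target).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited |
        Format-Table -AutoSize
} else {
    Write-Host "$Target does not exist yet"
}

# 2. Can Authenticated Users create subfolders directly under C:\?
#    (CreateDirectories shares its bit with AppendData, which is how the
#    default "Create folders / append data" entry is reported.)
$createDirs = [int][System.Security.AccessControl.FileSystemRights]::CreateDirectories
$risky = (Get-Acl -LiteralPath $Root).Access | Where-Object {
    $_.IdentityReference -eq 'NT AUTHORITY\Authenticated Users' -and
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $createDirs) -ne 0)
}
if ($risky) {
    Write-Warning "Authenticated Users may create folders under $Root; the second workaround applies."
}

# 3. Apply the first workaround: create the folder and stop it inheriting the
#    permissive ACEs from C:\ (same effect as `icacls C:\mingw64 /inheritance:r`).
if (-not (Test-Path -LiteralPath $Target)) {
    New-Item -ItemType Directory -Path $Target | Out-Null
    $acl = Get-Acl -LiteralPath $Target
    $acl.SetAccessRuleProtection($true, $false)   # $true = protect, $false = discard inherited ACEs
    Set-Acl -LiteralPath $Target -AclObject $acl
    Write-Host "$Target created with inheritance removed"
}
```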
Credits
Many thanks to 俞晨东 and the Lockheed Martin Red Team for (independently) finding and reporting the vulnerability!
For more information
If you have any questions or comments about this advisory: