The New Stack Podcast

#27: The Git Vulnerability and its Aftermath

Episode Summary

To explore the response to the recently-disclosed Git security vulnerability (which we wrote about at: http://thenewstack.io/major-git-security-vulnerability-discovered-causing-github-to-encourage-update-to-git-clients/) and to provide some context for it in a world of imperfect code, The New Stack Founder Alex Williams called upon Tal Klein of Adallom and Bryan Helmkamp, CEO and Founder of Code Climate, for this episode of The New Stack Analysts.

Bryan refreshes us on the nature of the Git vulnerability: “It allows an attacker who has control of a Git repository to execute arbitrary code on the client machine of anybody connecting to that Git repository with a vulnerable version of the Git client.”

Tal is not at all surprised by this news: “Vulnerabilities are going to happen; there’s no such thing as perfect code,” he says. “Git was another popular attack vector for the Shellshock vulnerability,” says Tal, describing Git as the perfect candidate through which to attempt privilege escalation. “It’s actually the second scenario in which Git itself becomes an attack vector,” he says.

Learn more at: https://thenewstack.io/the-new-stack-analysts-show-27-the-git-vulnerability-and-its-aftermath/
