GitHub Fixes Three Vulnerabilities

Wednesday, February 19, 2014 @ 05:02 PM gHale

GitHub fixed three vulnerabilities including a SSH Git remote command execution (RCE), a two-factor authentication (2FA) brute-force, and a MySQL typecasting authentication bypass.

The MySQL typecasting authentication bypass issue first came to light in June. However, the other two security holes, the 2FA bug came out at the end of January and the RCE flaw on February 10. Joernchen of Phonoelit identified and reported the vulnerabilities. GitHub is a web-based hosting service for software development projects.

Spoofing Bug Infests Uploader Software
GitHub Hit by DDoS Attack, Again
Top 10 DDoS Attack Trends
More Malware Working in Cloud

Regarding the RCE vulnerability, GitHub said, “Environment variables were being set based on key/value pairs being passed over HTTP from one backend service to another. By injecting metacharacters in user controlled values, an attacker would have been able to add arbitrary key/value pairs.”

Joernchen demonstrated how this issue could undergo exploitation for arbitrary command execution.

“We addressed the vulnerability by stripping metacharacters from user controlled data before using it in environment variables. We have also performed a full audit of related code to ensure that there were no similar vulnerabilities,” GitHub said in its report.

As far as the 2FA vulnerability goes, Joernchen found the number of two-factor authentication attempts did not have limits, allowing an attacker to make unlimited guesses to determine the codes.

In order to address this problem, existing rate limiting expanded to include 2FA as well.

Leave a Reply

You must be logged in to post a comment.