It has been a while since the Git vulnerability was announced. The major public repository providers have long since been preventing hosting repositories serving CVE-2018-11235.
While preparing for Craig and my talk at DevSecCon Boston 2018 I had to create a repository to host the exploit for CVE-2018-11235. This was easy to do with Docker and following the instructions on git-scm.
To make it even simpler for others, I created the following Dockerfile (and apache.conf). To create your own repository, download both the Dockerfile and apache.conf.
Remember to download the apache.conf
and include it in the same directory as the Dockerfile. Then build the container image:
docker build . -t git:http
Then to run the server:
docker run -it -v /somepath:/srv/git -p 8000:80 git:http
/somepath
should be a local filepath or volume you want to host the repository in (for persistence). To create a new repository, navigate to the /somepath
folder and init the repository. You’ll also need to set the git config option to allow anonymous modification of the repository.
cd /somepath
mkdir cve-2018-11235
chown www-data:www-data cve-2018-11235
cd cve-2018-11235
git init --bare
git config http.receivepack true
It should now be possible to interact with the repository remotely, setup the git exploit as outlined here