Git Vulnerability: Git for Windows uninstaller is vulnerable to DLL hijacking when run under the SYSTEM user account

Git is a version control system that allows developers to track a project and actively contribute without interfering with each other’s work. It supports collaboration within a project and helps prevent miscommunication or code clashing between team members. Git is a very supported open source project and the project maintainers have shown balanced judgment and a mature approach to meeting the long-term needs of its users with regular releases that improve usability and functionality. The quality of the open-source software is easily scrutinized and countless businesses rely heavily on that quality. Here are some related guides: How to install Git on macOS, how to install, register and start GitLab Runner on Windows, and How to set up HTTPS users using Git credentials and Pushing Code to AWS CodeCommit. For a comprehensive list of guides on GIT, kindly click on this link.

Git has released a new verson to address some security vulnerabilities, As reported, we are aware that GitHub is affected. But there is a need to upgrade your local installation of Git, especifially when you are using Git on Windows or on multi-user machines. All credit goes to to 俞晨东, and the fix was authored by Johannes Schindelin.

CVE-2022-24765

As stated in this article, this vulnerability affects multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:\.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigate to a directory that is supposedly not a Git worktree, or open such a directory in an editor or IDE such as VS Code or Atom, which will potentially run commands defined by that other user.

Vulnerability Impact

Since part of Git for Windows’ uninstaller is copied into the current user’s temporary directory and run in that place, it is important to ensure that there are no malicious .dll file in that directory that might be loaded as part of loading the executable.

Yet, the default TMP and TEMP settings point to C:\Windows\Temp—a world-writable folder due to historical reasons. The SYSTEM user account inherits these settings. Authenticated users can insert malicious .dll files, which load when the SYSTEM account runs Git for Windows’ uninstaller.

How to Remediate this vulnerability

The most effective way to protect against this vulnerability is to upgrade to Git v2.35.2. This version changes Git’s behavior when looking for a top-level .git directory to stop when its directory traversal changes ownership from the current user. (If you wish to make an exception to this behavior, you can use the new multi-valued safe.directory configuration).

Ensure uninstalling the previous Git version and installing the new “Git for Windows 2.35.2” version as demonstrated below.

Workaround

If you can’t upgrade immediately, there is a workaround to help reduce the following risk discussed above.

• Override SYSTEM’s TMP environment variable to point to a directory exclusively under SYSTEM’s control before running the uninstaller
• Sweeping C:\Windows\Temp of all .dll files before running the uninstaller
• Running the uninstaller under an admin account rather than SYSTEM.

Note: Since GitHub does not run git outside of known repositories, so is not susceptible to the attack described by CVE-2022-24765. Likewise, GitHub does not use Git for Windows, and therefore not unaffected  CVE-2022-24767. Kindly refer to these related guides: Azure DevOps and GitHub integration for Docker and Kubernetes deployment, how to create a static pod in Kubernetes, and how to install, register and start GitLab Runner on Windows.

Note: As of today, the 17th of April, there is a version of Git for Windows. Kindly click on this link to download it.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.