Critical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit with PoC
Security researcher Amal Murali recently published the technical details and a proof-of-concept (PoC) for a critical remote code execution (RCE) vulnerability in Git, tracked as CVE-2024-32002 (CVSS 9.1). This vulnerability could be exploited during the routine “git clone” operation, potentially granting attackers unauthorized control over affected systems.
Murali’s meticulous investigation, detailed in a comprehensive blog post, reveals the fascinating inner workings of the vulnerability. By dissecting Git’s source code and analyzing patch diffs, the researcher uncovered how a combination of case-insensitive filesystems and symlinks could be leveraged to inject malicious code during a clone.
At the heart of the exploit lies the subtle interaction between case-insensitive filesystems (common on Windows and macOS) and Git’s submodule functionality. By building a repository that contains a specially crafted submodule and a symbolic link, an attacker can trick Git into executing a malicious hook script during the clone process.
In addition to the technical details, Murali crafted a proof-of-concept (PoC) exploit for CVE-2024-32002 to demonstrate the RCE. By creating a malicious symlink within the submodule with a case variation in the path, the exploit tricked Git into exposing the hidden .git/ directory. This directory, containing hooks that are executed during Git operations, became the vector for the RCE.
Murali’s exploit involved replacing the post-checkout hook with injection code. Initial attempts faced challenges due to symlink permissions on Windows, but running Git Bash as Administrator resolved these issues. After several trials, Murali successfully demonstrated the exploit, showcasing the potential havoc it could wreak – from launching rogue applications to wiping out directories.
This RCE vulnerability poses a significant threat, as the “git clone” operation is fundamental to countless development workflows. Fortunately, the vulnerability has been patched in the latest Git versions. Users are strongly advised to update immediately to safeguard their systems.
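A defender-side check for the path pattern described above, as an added example that is not from Murali's write-up or the Git project: it scans `git ls-tree -r` output for a symlink whose path differs only by letter case from a leading directory of a submodule path. The sample tree, its object IDs and the function names are constructed for illustration, and `str.casefold()` only approximates the folding rules of real case-insensitive filesystems.

```python
# Added example (not from the original article): flag symlink/submodule
# paths that collide on a case-insensitive filesystem.
SYMLINK, GITLINK = "120000", "160000"  # Git tree modes: symlink, submodule

def parse_ls_tree(text):
    """Yield (mode, path) from `git ls-tree -r <rev>` lines."""
    for line in text.splitlines():
        if "\t" not in line:
            continue  # not a tree entry line
        meta, path = line.split("\t", 1)
        yield meta.split()[0], path

def ancestors(path):
    """Every leading directory of path: 'A/b/c' -> ['A', 'A/b']."""
    parts = path.split("/")
    return ["/".join(parts[:i]) for i in range(1, len(parts))]

def find_collisions(ls_tree_text):
    """Return sorted (symlink_path, submodule_path) pairs where the symlink
    and a leading directory of the submodule differ only by letter case."""
    entries = list(parse_ls_tree(ls_tree_text))
    symlinks = {}
    for mode, path in entries:
        if mode == SYMLINK:
            # casefold() is an approximation of filesystem case folding
            symlinks.setdefault(path.casefold(), []).append(path)
    hits = set()
    for mode, path in entries:
        if mode != GITLINK:
            continue
        for anc in ancestors(path):
            for link in symlinks.get(anc.casefold(), []):
                hits.add((link, path))
    return sorted(hits)

# Constructed sample input; the object IDs are placeholders.
SAMPLE = (
    "100644 blob " + "1" * 40 + "\t.gitmodules\n"
    "100644 blob " + "2" * 40 + "\tREADME.md\n"
    "120000 blob " + "3" * 40 + "\tdocs\n"
    "160000 commit " + "4" * 40 + "\tDocs/vendor/lib\n"
    "160000 commit " + "5" * 40 + "\tthird_party/zlib\n"
)

if __name__ == "__main__":
    for link, sub in find_collisions(SAMPLE):
        print(f"symlink {link!r} collides with submodule path {sub!r}")
```

Git quotes paths containing unusual characters in `ls-tree` output unless `-z` is used, which this parser does not handle.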