CVE-2014-9390 is one of the hilarious vulnerability I’ve ever seen. One single git may cause you hacked! I won’t dive into the details of this vulnerability because of official announcements can be found here ( https://github.com/blog/1938-git-client-vulnerability-announced and http://article.gmane.org/gmane.linux.kernel/1853266 ) . In short, if you use case insensitive operating system like Windows or OSX you have to update your git client, do it right now! Otherwise attackers can insert their own pre hooks into your git directory.
Let’s analyze this vulnerability from penetration tester perspective.