Vulnerabilities > CVE-2002-0092 - Denial Of Service vulnerability in CVS Server Global Variable

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
cvs
nessus

Summary

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.

Vulnerable Configurations

Part Description Count
Application
Cvs
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-117.NASL
descriptionKim Nielsen recently found an internal problem with the CVS server and reported it to the vuln-dev mailing list. The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and running under a remote user id. It is not yet clear if the remote account can be exposed, though.
last seen2020-06-01
modified2020-06-02
plugin id14954
published2004-09-29
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14954
titleDebian DSA-117-1 : cvs - improper variable initialization
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-117. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14954);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  script_cve_id("CVE-2002-0092");
  script_xref(name:"DSA", value:"117");

  script_name(english:"Debian DSA-117-1 : cvs - improper variable initialization");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Kim Nielsen recently found an internal problem with the CVS server and
reported it to the vuln-dev mailing list. The problem is triggered by
an improperly initialized global variable. A user exploiting this can
crash the CVS server, which may be accessed through the pserver
service and running under a remote user id. It is not yet clear if the
remote account can be exposed, though."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-117"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the CVS package.

This problem has been fixed in version 1.10.7-9 for the stable Debian
distribution with help of Niels Heinen and in versions newer than
1.11.1p1debian-3 for the testing and unstable distribution of Debian
(not yet uploaded, though)."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cvs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"2.2", prefix:"cvs", reference:"1.10.7-9")) flag++;
if (deb_check(release:"2.2", prefix:"cvs-doc", reference:"1.10.7-9")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories
rhsa
idRHSA-2002:026