Vulnerabilities > CVE-2003-0977
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 | |
OS | 3 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-112.NASL description A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions. Update : The previous updates had an incorrect temporary directory hard-coded in the cvs binary for 9.1 and 9.2. This update corrects the problem. last seen 2020-06-01 modified 2020-06-02 plugin id 14094 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14094 title Mandrake Linux Security Advisory : cvs (MDKSA-2003:112-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:112. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14094); script_version ("1.21"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2003-0977"); script_xref(name:"MDKSA", value:"2003:112-1"); script_name(english:"Mandrake Linux Security Advisory : cvs (MDKSA-2003:112-1)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions. Update : The previous updates had an incorrect temporary directory hard-coded in the cvs binary for 9.1 and 9.2. This update corrects the problem." ); # http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?534d3f6a" ); script_set_attribute(attribute:"solution", value:"Update the affected cvs package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cvs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2003/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"cvs-1.11.10-0.2.91mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"cvs-1.11.10-0.2.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-004.NASL description Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a malformed module request could cause the CVS server to attempt to create files or directories at the root level of the file system. However, normal file system permissions would prevent the creation of these misplaced directories. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0977 to this issue. Users of CVS are advised to upgrade to these erratum packages, which contain a patch correcting this issue. For Red Hat Enterprise Linux 2.1, these updates also fix an off-by-one overflow in the CVS PreservePermissions code. The PreservePermissions feature is not used by default (and can only be used for local CVS). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0844 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12446 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12446 title RHEL 2.1 / 3 : cvs (RHSA-2004:004) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:004. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12446); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2002-0844", "CVE-2003-0977"); script_xref(name:"RHSA", value:"2004:004"); script_name(english:"RHEL 2.1 / 3 : cvs (RHSA-2004:004)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a malformed module request could cause the CVS server to attempt to create files or directories at the root level of the file system. However, normal file system permissions would prevent the creation of these misplaced directories. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0977 to this issue. Users of CVS are advised to upgrade to these erratum packages, which contain a patch correcting this issue. For Red Hat Enterprise Linux 2.1, these updates also fix an off-by-one overflow in the CVS PreservePermissions code. The PreservePermissions feature is not used by default (and can only be used for local CVS). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0844 to this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-0844" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0977" ); # http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15fcc3b2" ); # http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3767cc0a" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:004" ); script_set_attribute(attribute:"solution", value:"Update the affected cvs package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cvs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/12"); script_set_attribute(attribute:"patch_publication_date", value:"2004/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:004"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"cvs-1.11.1p1-9")) flag++; if (rpm_check(release:"RHEL3", reference:"cvs-1.11.2-14")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cvs"); } }
NASL family Misc. NASL id CVS_DIR_CREATE.NASL description According to its version number, the CVS server running on the remote remote host may allow an attacker to create directories (and possibly files) at the root of the filesystem where the CVS repository is located. last seen 2020-06-01 modified 2020-06-02 plugin id 11947 published 2003-12-11 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11947 title CVS pserver Crafted Module Request Arbitrary File / Directory Creation
Oval
accepted 2013-04-29T04:14:35.172-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. family unix id oval:org.mitre.oval:def:11528 status accepted submitted 2010-07-09T03:56:16-04:00 title CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. version 27 accepted 2007-04-25T19:53:01.591-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security
description CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. family unix id oval:org.mitre.oval:def:855 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Red Hat CVS Server root Directory Access Vulnerability version 37 accepted 2007-04-25T19:53:04.168-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security
description CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. family unix id oval:org.mitre.oval:def:866 status accepted submitted 2004-03-20T12:00:00.000-04:00 title Red Hat Enterprise 3 CVS Server root Directory Access Vulnerability version 38
Redhat
advisories |
| ||||||||
rpms | cvs-0:1.11.2-14 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
- http://marc.info/?l=bugtraq&m=107168035515554&w=2
- http://marc.info/?l=bugtraq&m=107540163908129&w=2
- http://secunia.com/advisories/10601
- http://www.debian.org/security/2004/dsa-422
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
- http://www.redhat.com/support/errata/RHSA-2004-003.html
- http://www.redhat.com/support/errata/RHSA-2004-004.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866