Vulnerabilities > CVE-2004-0915

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
viewcvs
debian
nessus

Summary

Multiple unknown vulnerabilities in viewcvs before 0.9.2: when exporting a repository as a tar archive, viewcvs does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.

Vulnerable Configurations

Part | Description | Count
Application | Viewcvs | 1
OS | Debian | 12

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200412-26.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200412-26 (ViewCVS: Information leak and XSS vulnerabilities) The tar export functions in ViewCVS bypass the …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16068
    published: 2004-12-28
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16068
    title: GLSA-200412-26 : ViewCVS: Information leak and XSS vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200412-26.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, the script only declares its
    # metadata (IDs, references, report text, scoring, prerequisites) and then
    # exits via the exit(0) at the end of this block; the package check further
    # down is not reached in this pass.
    if (description)
    {
      script_id(16068);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      # One plugin covers both issues from the advisory: the tar-export
      # information leak (CVE-2004-0915) and the XSS in error messages
      # (CVE-2004-1062). The description text below uses the older CAN- prefix
      # for the same two identifiers.
      script_cve_id("CVE-2004-0915", "CVE-2004-1062");
      script_bugtraq_id(12112);
      script_xref(name:"GLSA", value:"200412-26");
    
      script_name(english:"GLSA-200412-26 : ViewCVS: Information leak and XSS vulnerabilities");
      # The summary states the detection method: installed-package data under
      # /var/db/pkg is inspected, the ViewCVS web interface itself is not probed.
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # Report body taken from the Gentoo advisory (see the file header):
      # affected behaviour, impact, and the statement that no workaround exists.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200412-26
    (ViewCVS: Information leak and XSS vulnerabilities)
    
        The tar export functions in ViewCVS bypass the 'hide_cvsroot' and
        'forbidden' settings and therefore expose information that should be
        kept secret (CAN-2004-0915). Furthermore, some error messages in
        ViewCVS do not filter user-provided information, making it vulnerable
        to a cross-site scripting attack (CAN-2004-1062).
      
    Impact :
    
        By using the tar export functions, a remote attacker could access
        information that is configured as restricted. Through the use of a
        malicious request, an attacker could also inject and execute malicious
        script code, potentially compromising another user's browser.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200412-26"
      );
      # Remediation is a package upgrade to the first fixed revision named in
      # the advisory; the same revision is the "unaffected" bound of the check.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All ViewCVS users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-apps/viewcvs-0.9.2_p20041207-r1'"
      );
      # CVSS v2 base vector: network reachable, low complexity, no
      # authentication, partial confidentiality impact, no integrity or
      # availability impact.
      # NOTE(review): the vector matches the information leak; the XSS issue
      # listed above is not scored separately here.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      # CVSS v2 temporal vector: exploitability unproven, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the finding comes from data collected on the host
      # (the package list required below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:viewcvs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/28");
      # NOTE(review): this date is about a year earlier than the patch date
      # above; confirm against the advisory before relying on it for timelines.
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/29");
      script_end_attributes();
    
      # Declared in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Prerequisites: the dependency script and the three KB items that must be
      # present for this plugin to run. Presumably ssh_get_info.nasl is what
      # populates those items; verify against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Prerequisite gates, evaluated in order. Each one reports a specific audit
    # reason when its knowledge-base item is missing: local checks not enabled,
    # host not identified as Gentoo, or no package list collected.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/Gentoo/release"))
    {
      audit(AUDIT_OS_NOT, "Gentoo");
    }
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    
    # Version comparison for www-apps/viewcvs against the advisory's ranges:
    # 0.9.2_p20041207 and older counts as vulnerable, 0.9.2_p20041207-r1 and
    # newer as fixed. The result depends only on the installed package version;
    # nothing here looks at the ViewCVS configuration or at whether tar export
    # is in use on the host.
    flag = 0;
    
    if (qpkg_check(package:"www-apps/viewcvs",
                   unaffected:make_list("ge 0.9.2_p20041207-r1"),
                   vulnerable:make_list("le 0.9.2_p20041207")))
    {
      flag++;
    }
    
    if (!flag)
    {
      # No vulnerable package matched: distinguish "installed but not affected"
      # from "not installed at all" using the list of packages that were tested.
      tested = qpkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "ViewCVS");
      }
    }
    else
    {
      # Vulnerable version found: raise a warning, attaching the package report
      # only when report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:qpkg_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_323784CF48A611D9A9E70001020EED82.NASL
    description: The hide_cvsroot and forbidden configuration options are not properly honored by viewcvs when exporting to a tar file, which can lead to information leakage.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18894
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18894
    title: FreeBSD : viewcvs -- information leakage (323784cf-48a6-11d9-a9e7-0001020eed82)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-605.NASL
    description: Haris Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honoured enough. When upgrading the package for woody, please make a copy of your /etc/viewcvs/viewcvs.conf file if you have manually edited this file. Upon upgrade the debconf mechanism may alter it in a way so that viewcvs doesn…
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15907
    published: 2004-12-06
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15907
    title: Debian DSA-605-1 : viewcvs - settings not honored