Vulnerabilities > CVE-2004-1456 - Remote Command Execution vulnerability in CVSTrac filediff
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | CVSTrac Remote Arbitrary Code Execution Exploit. CVE-2004-1456. Remote exploit for linux platform |
| id | EDB-ID:379 |
| last seen | 2016-01-31 |
| modified | 2004-08-06 |
| published | 2004-08-06 |
| reporter | N/A |
| source | https://www.exploit-db.com/download/379/ |
| title | CVSTrac Remote Arbitrary Code Execution Exploit |
Nessus
| NASL family | CGI abuses |
| NASL id | CVSTRAC_FILEDIFF.NASL |
| description | The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. ***** Nessus has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14220 |
| published | 2004-08-09 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14220 |
| title | CVSTrac filediff Arbitrary Remote Code Execution |
| code | |
References
- http://marc.info/?l=bugtraq&m=109173359428253&w=2
- http://secunia.com/advisories/12090/
- http://www.cvstrac.org/cvstrac/chngview?cn=316
- http://www.cvstrac.org/cvstrac/tktview?tn=339
- http://www.kb.cert.org/vuls/id/770816
- http://www.osvdb.org/8373
- http://www.securityfocus.com/bid/10878
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16929