Turbolinux Local Security Tests : Turbolinux TLSA-2003-69 (cvs)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52976

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2003-69 (cvs)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to cvs
announced via advisory TLSA-2003-69.

CVS is a front end to the rcs(1) revision control system which extends
the notion of revision control from a collection of files in a single
directory to a hierarchical collection of directories consisting of
revision controlled files.
A remote user can submit a specially crafted and malformed module
request that may cause the CVS server to attempt to create directories
and possibly files at the root of the filesystem where the CVS
repository is located.

This vulnerability may allow attackers to cause the CVS server to create directories and files
in the file system root directory.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-69

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0977
Bugtraq: 20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs) (Google Search)
http://marc.info/?l=bugtraq&m=107168035515554&w=2
Bugtraq: 20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=107540163908129&w=2
Conectiva Linux advisory: CLA-2004:808
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
Debian Security Information: DSA-422 (Google Search)
http://www.debian.org/security/2004/dsa-422
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
http://secunia.com/advisories/10601
SGI Security Advisory: 20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
XForce ISS Database: cvs-module-file-manipulation(13929)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52976
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-69 (cvs)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cvs announced via advisory TLSA-2003-69. CVS is a front end to the rcs(1) revision control system which extends the notion of revision control from a collection of files in a single directory to a hierarchical collection of directories consisting of revision controlled files. A remote user can submit a specially crafted and malformed module request that may cause the CVS server to attempt to create directories and possibly files at the root of the filesystem where the CVS repository is located. This vulnerability may allow attackers to cause the CVS server to create directories and files in the file system root directory. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-69 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0977 Bugtraq: 20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs) (Google Search) http://marc.info/?l=bugtraq&m=107168035515554&w=2 Bugtraq: 20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability (Google Search) http://marc.info/?l=bugtraq&m=107540163908129&w=2 Conectiva Linux advisory: CLA-2004:808 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808 Debian Security Information: DSA-422 (Google Search) http://www.debian.org/security/2004/dsa-422 http://www.mandriva.com/security/advisories?name=MDKSA-2003:112 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866 http://www.redhat.com/support/errata/RHSA-2004-003.html http://www.redhat.com/support/errata/RHSA-2004-004.html http://secunia.com/advisories/10601 SGI Security Advisory: 20040103-01-U ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc XForce ISS Database: cvs-module-file-manipulation(13929) https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com