Test ID: | 1.3.6.1.4.1.25623.1.0.52772 |
Category: | Fedora Local Security Checks |
Title: | Fedora Legacy Security Advisory FLSA-2004:1207 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory FLSA-2004:1207.

CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred.

A flaw was found in versions of CVS prior to 1.11.10 where a malformed module request could cause the CVS server to attempt to create files or directories at the root level of the file system. However, normal file system permissions would prevent the creation of these misplaced directories. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0977 to this issue.

Another flaw was found that would allow the cvsd process to continue to run as root after a user login. Previously, any user with the ability to write the CVSROOT/passwd file could execute arbitrary code as the root user on systems with CVS pserver access enabled.

Users of cvs should update to these update packages, which contain a backported security patch that corrects this issue.

Fedora Legacy would like to thank Seth Vidal, Jason Rohwedder and Christian Pearce for providing a backported fix for Red Hat Linux 7.2, 7.3, and 8.0.

Affected platforms:
Redhat 7.2
Redhat 7.3
Redhat 8

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=FLSA-2004:1207
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1

Risk factor: High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0977
Bugtraq: 20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)
http://marc.info/?l=bugtraq&m=107168035515554&w=2
Bugtraq: 20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability
http://marc.info/?l=bugtraq&m=107540163908129&w=2
Conectiva Linux advisory: CLA-2004:808
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
Debian Security Information: DSA-422
http://www.debian.org/security/2004/dsa-422
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
http://secunia.com/advisories/10601
SGI Security Advisory: 20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
XForce ISS Database: cvs-module-file-manipulation(13929)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |