SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CVS Vendors:   GNU [multiple authors]
(Slackware Issues Fix) Concurrent Versions System (CVS) Double-Free Bug Lets Remote Users Execute Arbitrary Code on the System
SecurityTracker Alert ID:  1005968
SecurityTracker URL:  http://securitytracker.com/id/1005968
CVE Reference:   CVE-2003-0015   (Links to External Site)
Date:  Jan 23 2003
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.11.4 and prior versions
Description:   A vulnerability was reported in Concurrent Versions System (CVS). A remote user can execute arbitrary code on the system to gain access to the server.

e-matters reported that a remote user can send a malformed directory name as part of a Directory request to cause a global pointer variable to be freed with no value subsequently assigned to the variable. When the next Directory request is processed, the unassigned variable may be freed.

A remote user can exploit this to execute arbitrary code or shell commands. The privileges that the code will execute with depend on the configuration of the server. In some cases, the code may run with root privileges. According to the report, if the CVSROOT/passwd is left writeable to the CVS user, a remote root compromise can occur.

It is also reported that a remote authenticated user with write access can invoke the Update-prog and Checkin-prog commands to execute arbitrary shell commands on the server. According to the report, this feature is not well documented and may be unknown to most administrators. In addition, it reportedly cannot be disabled in the configuration files.

Impact:   A remote user may be able to execute arbitrary code on the system. The code will run with privileges that depend on the configuration of the system.
Solution:   Slackware has released a fix.

Updated cvs package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.5-i386-1.tgz

Updated cvs package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.5-i386-1.tgz

The MD5 checksums are:

Slackware 8.1:

37d76c774c9474bf0117d429d6c3740e cvs-1.11.5-i386-1.tgz

Slackware -current:

c43d82187dfa695aa53aaf5b4d3050a1 cvs-1.11.5-i386-1.tgz

Vendor URL:  ccvs.cvshome.org/servlets/NewsItemView?newsID=51 (Links to External Site)
Cause:   Resource error, State error
Underlying OS:  Linux (Slackware)
Underlying OS Comments:  8.1

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2003 Concurrent Versions System (CVS) Double-Free Bug Lets Remote Users Execute Arbitrary Code on the System



 Source Message Contents

Subject:  [slackware-security] New CVS packages available



New cvs packages are available to fix a security vulnerability.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Tue Jan 21 13:12:20 PST 2003
patches/packages/cvs-1.11.5-i386-1.tgz:  Upgraded to cvs-1.11.5.
   This release fixes a major security vulnerability in the CVS server
   by which users with read only access could gain write access.
   Details should be available at this URL (but don't seem to be yet):
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
   (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated cvs package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.5-i386-1.tgz

Updated cvs package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.5-i386-1.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 8.1:
37d76c774c9474bf0117d429d6c3740e  cvs-1.11.5-i386-1.tgz

Slackware -current:
c43d82187dfa695aa53aaf5b4d3050a1  cvs-1.11.5-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

As root, upgrade to the new cvs.tgz package:
# upgradepkg cvs.tgz

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC