SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CVS Vendors:   GNU [multiple authors]
(OpenBSD Issues Fix) CVS Path Validation Flaw in RCS Diff Files Lets Remote Servers Create Arbitrary Files on the Target Client's System
SecurityTracker Alert ID:  1010072
SecurityTracker URL:  http://securitytracker.com/id/1010072
CVE Reference:   CVE-2004-0180   (Links to External Site)
Date:  May 5 2004
Impact:   Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.11.15
Description:   A vulnerability was reported in CVS. A remote server can create arbitrary files on a connected user's system.

It is reported that a malicious CVS server can cause arbitrary files to be created or overwritten on a connected target user's system.

The vulnerability resides in the processing of pathnames in RCS diff files. When a target user performs a CVS checkout or update via the network, the target user's client will accept absolute path names.

Sebastian Krahmer is credited with discovering this flaw.

Impact:   A remote server can create or modify arbitrary files on a connected user's system.
Solution:   OpenBSD has issued the following patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch

Vendor URL:  www.cvshome.org/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.3, 3.4, 3.5

Message History:   This archive entry is a follow-up to the message listed below.
Apr 14 2004 CVS Path Validation Flaw in RCS Diff Files Lets Remote Servers Create Arbitrary Files on the Target Client's System



 Source Message Contents

Subject:  cvs pathname validation vulnerabilities



Pathname validation problems have been found in cvs(1), allowing malicious
clients to create files outside the repository, allowing malicious servers
to overwrite files outside the local CVS tree on the client and allowing
clients to check out files outside the CVS repository.


CVE Ids        : CAN-2003-0977 CAN-2004-0180 CAN-2004-0405

The problems have been fixed in OpenBSD-current as well as the 3.5-stable,
3.4-stable and 3.3-stable branches.

Patches are available from:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch

For more information, see:
    http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
    http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC