SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CVS Vendors:   GNU [multiple authors]
(OpenBSD Issues Fix) CVS Input Validation Flaw May Let Remote Users Send Malformed Module Requests to Create Root Directories and Files
SecurityTracker Alert ID:  1010073
SecurityTracker URL:  http://securitytracker.com/id/1010073
CVE Reference:   CVE-2003-0977   (Links to External Site)
Date:  May 5 2004
Impact:   Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.11.10
Description:   A vulnerability was reported in CVS. A remote user may be able to cause CVS to create files and directories in the root directory.

It is reported that a remote user can submit a specially crafted and malformed module request that may cause the CVS server to attempt to create directories and possibly files at the root of the filesystem where the CVS repository is located. The report indicates that the permissions of the underlying filesystem will usually prevent the creation of these "misplaced directories."

The vendor reports that there are no known exploits for this flaw.

Impact:   A remote user may be able to cause CVS to create directories and potentially files in the filesystem root directory.
Solution:   OpenBSD has issued the following patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch

Vendor URL:  ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1 (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.3, 3.4, 3.5

Message History:   This archive entry is a follow-up to the message listed below.
Dec 9 2003 CVS Input Validation Flaw May Let Remote Users Send Malformed Module Requests to Create Root Directories and Files



 Source Message Contents

Subject:  cvs pathname validation vulnerabilities



Pathname validation problems have been found in cvs(1), allowing malicious
clients to create files outside the repository, allowing malicious servers
to overwrite files outside the local CVS tree on the client and allowing
clients to check out files outside the CVS repository.


CVE Ids        : CAN-2003-0977 CAN-2004-0180 CAN-2004-0405

The problems have been fixed in OpenBSD-current as well as the 3.5-stable,
3.4-stable and 3.3-stable branches.

Patches are available from:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch

For more information, see:
    http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
    http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC