Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   CVS Vendors:   GNU [multiple authors]
(OpenBSD Issues Fix) CVS Server Piped Checkout Input Validation Flaw Discloses RCS Files to Remote Authenticated Users
SecurityTracker Alert ID:  1010074
SecurityTracker URL:
CVE Reference:   CVE-2004-0405   (Links to External Site)
Date:  May 5 2004
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.11.15
Description:   A vulnerability was reported in CVS. A remote authenticated user may be able to view arbitrary RCS files on the server.

It is reported that a remote authenticated user can invoke a piped checkout of paths above $CVSROOT to view the contents of RCS archive files anywhere on a CVS server. This flaw can reportedly be triggered using relative pathnames containing the '../' directory traversal strings.

Debian credited Derek Robert Price with discovering this flaw.

Impact:   A remote authenticated user can view RCS files located anywhere on the target system.
Solution:   OpenBSD has issued the following patches:

Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.3, 3.4, 3.5

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2004 CVS Server Piped Checkout Input Validation Flaw Discloses RCS Files to Remote Authenticated Users

 Source Message Contents

Subject:  cvs pathname validation vulnerabilities

Pathname validation problems have been found in cvs(1), allowing malicious
clients to create files outside the repository, allowing malicious servers
to overwrite files outside the local CVS tree on the client and allowing
clients to check out files outside the CVS repository.

CVE Ids        : CAN-2003-0977 CAN-2004-0180 CAN-2004-0405

The problems have been fixed in OpenBSD-current as well as the 3.5-stable,
3.4-stable and 3.3-stable branches.

Patches are available from:

For more information, see:


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC