SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CVS Vendors:   GNU [multiple authors]
(Fedora Issues Fix) CVS Path Validation Flaw in RCS Diff Files Lets Remote Servers Create Arbitrary Files on the Target Client's System
SecurityTracker Alert ID:  1010199
SecurityTracker URL:  http://securitytracker.com/id/1010199
CVE Reference:   CVE-2004-0180   (Links to External Site)
Date:  May 18 2004
Impact:   Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.11.15-1
Description:   A vulnerability was reported in CVS. A remote server can create arbitrary files on a connected user's system.

It is reported that a malicious CVS server can cause arbitrary files to be created or overwritten on a connected target user's system.

The vulnerability resides in the processing of pathnames in RCS diff files. When a target user performs a CVS checkout or update via the network, the target user's client will accept absolute path names.

Sebastian Krahmer is credited with discovering this flaw.

Impact:   A remote server can create or modify arbitrary files on a connected user's system.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

a4f1dea17be76c29ad0bdeff09a80bba SRPMS/cvs-1.11.15-1.src.rpm
a356c7be00016bd9594462eb7e8041dc i386/cvs-1.11.15-1.i386.rpm
4d9ce4478aa261890870c5eca81320bf i386/debug/cvs-debuginfo-1.11.15-1.i386.rpm
dc36b21f10740253a6927f815c8a28ff x86_64/cvs-1.11.15-1.x86_64.rpm
f2601fe6b89fb6ff9136e46e02b8880b x86_64/debug/cvs-debuginfo-1.11.15-1.x86_64.rpm

Vendor URL:  www.cvshome.org/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Red Hat Fedora)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 14 2004 CVS Path Validation Flaw in RCS Diff Files Lets Remote Servers Create Arbitrary Files on the Target Client's System



 Source Message Contents

Subject:  [SECURITY] Fedora Core 1 Update: cvs-1.11.15-1


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-110
2004-04-22
---------------------------------------------------------------------

Name        : cvs
Version     : 1.11.15                      
Release     : 1                  
Summary     : A version control system.
Description :
CVS (Concurrent Version System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.

CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.

---------------------------------------------------------------------
Update Information:

The client for CVS before 1.11.15 allows a remote malicious CVS server
to create arbitrary files using certain RCS diff files that use
absolute pathnames during checkouts or updates.

Updated packages were made available in April 2004 however the original
update notification email did not make it to fedora-announce-list at
that time.

---------------------------------------------------------------------

* Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.15-1

- update to 1.11.15, fixing CAN-2004-0180 (#120969)

* Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.14-1

- update to 1.11.14

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Wed Jan 07 2004 Nalin Dahyabhai <nalin@redhat.com> 1.11.11-1

- turn kserver, which people shouldn't use any more, back on

* Tue Dec 30 2003 Nalin Dahyabhai <nalin@redhat.com>

- update to 1.11.11

* Thu Dec 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.11.10-1

- update to 1.11.10


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

a4f1dea17be76c29ad0bdeff09a80bba  SRPMS/cvs-1.11.15-1.src.rpm
a356c7be00016bd9594462eb7e8041dc  i386/cvs-1.11.15-1.i386.rpm
4d9ce4478aa261890870c5eca81320bf  i386/debug/cvs-debuginfo-1.11.15-1.i386.rpm
dc36b21f10740253a6927f815c8a28ff  x86_64/cvs-1.11.15-1.x86_64.rpm
f2601fe6b89fb6ff9136e46e02b8880b  x86_64/debug/cvs-debuginfo-1.11.15-1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC