hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Cvs Client Rcs Diff File Corruption Vulnerability
GovernmentSecurity.org > The Archives > Exploit Articles
mortello
Jun 8 2004, 03:39 PM
CODE
bugtraq id 10138
object  
class Access Validation Error
cve CAN-2004-0180

remote Yes
local No
published Apr 14, 2004
updated Jun 04, 2004
vulnerable CVS CVS 1.10.7
  + Debian Linux 2.2
  + Debian Linux 2.2 68k
  + Debian Linux 2.2 alpha
  + Debian Linux 2.2 arm
  + Debian Linux 2.2 IA-32
  + Debian Linux 2.2 powerpc
  + Debian Linux 2.2 sparc
CVS CVS 1.10.8
  + Conectiva Linux 6.0
  + MandrakeSoft Linux Mandrake 7.2
  + MandrakeSoft Single Network Firewall 7.2
CVS CVS 1.11
  + Caldera OpenLinux Server 3.1
  + Caldera OpenLinux Server 3.1.1
  + Caldera OpenLinux Workstation 3.1
  + Caldera OpenLinux Workstation 3.1.1
  + Conectiva Linux 7.0
  + Conectiva Linux 8.0
  + MandrakeSoft Linux Mandrake 8.0
  + MandrakeSoft Linux Mandrake 8.0 ppc
CVS CVS 1.11.1 p1
  + Debian Linux 3.0
  + Debian Linux 3.0 alpha
  + Debian Linux 3.0 arm
  + Debian Linux 3.0 hppa
  + Debian Linux 3.0 ia-32
  + Debian Linux 3.0 ia-64
  + Debian Linux 3.0 m68k
  + Debian Linux 3.0 mips
  + Debian Linux 3.0 mipsel
  + Debian Linux 3.0 ppc
  + Debian Linux 3.0 s/390
  + Debian Linux 3.0 sparc
  + OpenBSD OpenBSD 3.1
  + OpenBSD OpenBSD 3.2
  + OpenBSD OpenBSD 3.3
  + OpenBSD OpenBSD 3.4
  + OpenBSD OpenBSD 3.5
  + RedHat Linux 6.2
  + RedHat Linux 6.2 i386
  + RedHat Linux 6.2 sparc
  + RedHat Linux 7.0
  + RedHat Linux 7.0 alpha
  + RedHat Linux 7.0 i386
  + RedHat Linux 7.0 sparc
  + RedHat Linux 7.1
  + RedHat Linux 7.1 alpha
  + RedHat Linux 7.1 i386
  + RedHat Linux 7.1 ia64
  + RedHat Linux 7.2
  + RedHat Linux 7.2 alpha
  + RedHat Linux 7.2 i386
  + RedHat Linux 7.2 ia64
  + RedHat Linux 7.3
  + RedHat Linux 7.3 i386
  + S.u.S.E. Linux 8.0
  + S.u.S.E. Linux 8.1
  + Wirex Immunix OS 7+
  + Wirex Immunix OS 7.0
CVS CVS 1.11.1
  + MandrakeSoft Linux Mandrake 8.1
  + MandrakeSoft Linux Mandrake 8.1 ia64
  + MandrakeSoft Linux Mandrake 8.2
  + MandrakeSoft Linux Mandrake 8.2 ppc
CVS CVS 1.11.2
  + MandrakeSoft Linux Mandrake 9.0
  + RedHat Linux 8.0
  + RedHat Linux 8.0 i386
  + Slackware Linux 8.1
CVS CVS 1.11.3
CVS CVS 1.11.4
CVS CVS 1.11.5
  + OpenPKG OpenPKG 1.2
  + S.u.S.E. Linux 8.2
CVS CVS 1.11.6
  + S.u.S.E. Linux 9.0
  + S.u.S.E. Linux 9.0 x86_64
CVS CVS 1.11.10
CVS CVS 1.11.11
CVS CVS 1.11.14
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Linux Mandrake 9.1
  + MandrakeSoft Linux Mandrake 9.1 ppc
  + MandrakeSoft Linux Mandrake 9.2
  + MandrakeSoft Linux Mandrake 9.2 amd64
  + MandrakeSoft Linux Mandrake 10.0
CVS CVS 1.12.1
  + OpenPKG OpenPKG 1.3
CVS CVS 1.12.2
  + OpenPKG OpenPKG Current
CVS CVS 1.12.5
  + OpenPKG OpenPKG 2.0
FreeBSD FreeBSD 4.10-PRERELEASE
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
Netwosix Netwosix Linux 1.0
Netwosix Netwosix Linux 1.1
RedHat Advanced Workstation for the Itanium Processor 2.1
RedHat cvs-1.11.2-10.i386.rpm
  + RedHat Linux 9.0 i386
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1
RedHat Fedora Core1
SGI ProPack 2.3
SGI ProPack 2.4
SGI ProPack 3.0
Slackware Linux -current
Slackware Linux 8.1
Slackware Linux 9.0
Slackware Linux 9.1

not vulnerable CVS CVS 1.11.15
CVS CVS 1.12.7

A vulnerability has been discovered in the CVS client. It is reported that a problem in the revision control system (RCS) diff files may allow an attacker to create an arbitrary file on a remote system. The file will be created with the privileges of the user who is invoking the CVS client.

Check source for solutions

source : http://www.securityfocus.com/bid/10138/info/
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.