SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   CVS Vendors:   GNU [multiple authors]
(Slackware Issues Fix) CVS Server Piped Checkout Input Validation Flaw Discloses RCS Files to Remote Authenticated Users
SecurityTracker Alert ID:  1009859
SecurityTracker URL:  http://securitytracker.com/id/1009859
CVE Reference:   CAN-2004-0405   (Links to External Site)
Date:  Apr 19 2004
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.11.15
Description:   A vulnerability was reported in CVS. A remote authenticated user may be able to view arbitrary RCS files on the server.

It is reported that a remote authenticated user can invoke a piped checkout of paths above $CVSROOT to view the contents of RCS archive files anywhere on a CVS server. This flaw can reportedly be triggered using relative pathnames containing the '../' directory traversal strings.

Debian credited Derek Robert Price with discovering this flaw.

Impact:   A remote authenticated user can view RCS files located anywhere on the target system.
Solution:   Slackware has released a fix.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.15-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cvs-1.11.15-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cvs-1.11.15-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.15-i486-1.tgz

The MD5 signatures are:

Slackware 8.1 package:
e8ba67add4c86d0bd8b7dc1ce265752a cvs-1.11.15-i386-1.tgz

Slackware 9.0 package:
177b19dd98655f6811053f29286e4ab7 cvs-1.11.15-i386-1.tgz

Slackware 9.1 package:
80a99f7f4e2606d6c45ad60614cef81b cvs-1.11.15-i486-1.tgz

Slackware -current package:
6e6cbad9deab1a53c1543c72d0acad1c cvs-1.11.15-i486-1.tgz

Vendor URL:  www.cvshome.org/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:   Linux (Slackware)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2004 CVS Server Piped Checkout Input Validation Flaw Discloses RCS Files to Remote Authenticated Users



 Source Message Contents

Date:  Sun, 18 Apr 2004 16:40:41 -0700 (PDT)
Subject:  [slackware-security] cvs security update (SSA:2004-108-02)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  cvs security update (SSA:2004-108-02)

CVS is a client/server version control system.  As a server, it
is used to host source code repositories.  As a client, it is
used to access such repositories.  This advisory affects both uses
of CVS.

A security problem which could allow a server to create arbitrary
files on a client machine, and another security problem which may
allow a client to view files outside of the CVS repository have
been fixed with the release of cvs-1.11.15.

Any sites running CVS should upgrade to the new CVS package.


Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Sat Apr 17 14:09:23 PDT 2004
patches/packages/cvs-1.11.15-i486-1.tgz:  Upgraded to cvs-1.11.15.
  Fixes two security problems (server creating arbitrary files on a client
  machine, and client viewing files outside of the CVS repository).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0405
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.15-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cvs-1.11.15-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cvs-1.11.15-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.15-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
e8ba67add4c86d0bd8b7dc1ce265752a  cvs-1.11.15-i386-1.tgz

Slackware 9.0 package:
177b19dd98655f6811053f29286e4ab7  cvs-1.11.15-i386-1.tgz

Slackware 9.1 package:
80a99f7f4e2606d6c45ad60614cef81b  cvs-1.11.15-i486-1.tgz

Slackware -current package:
6e6cbad9deab1a53c1543c72d0acad1c  cvs-1.11.15-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

First, shut down the cvs server if you are running one.

Then, upgrade the package:
# upgradepkg cvs-1.11.10-i486-1.tgz

Finally, restart the CVS server.


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAgbJSakRjwEAQIjMRAm2MAJ0dp/2OgYp9Bp9glVCncULikT9+EgCgkarc
C2lF1sQRWvJynY70L5hQP0Y=
=emVX
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC