(OpenBSD Issues Fix) CVS Input Validation Flaw May Let Remote Users Send Malformed Module Requests to Create Root Directories and Files - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > CVS

Vendors: GNU [multiple authors]

(OpenBSD Issues Fix) CVS Input Validation Flaw May Let Remote Users Send Malformed Module Requests to Create Root Directories and Files

SecurityTracker Alert ID: 1010073

SecurityTracker URL: http://securitytracker.com/id/1010073

CVE Reference: CAN-2003-0977 (Links to External Site)

Date: May 5 2004

Impact: Modification of system information, Modification of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 1.11.10

Description: A vulnerability was reported in CVS. A remote user may be able to cause CVS to create files and directories in the root directory.

It is reported that a remote user can submit a specially crafted and malformed module request that may cause the CVS server to attempt to create directories and possibly files at the root of the filesystem where the CVS repository is located. The report indicates that the permissions of the underlying filesystem will usually prevent the creation of these "misplaced directories."

The vendor reports that there are no known exploits for this flaw.

Impact: A remote user may be able to cause CVS to create directories and potentially files in the filesystem root directory.

Solution: OpenBSD has issued the following patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch

Vendor URL: ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1 (Links to External Site)

Cause: Input validation error

Underlying OS: UNIX (OpenBSD)

Message History: This archive entry is a follow-up to the message listed below.

CVS Input Validation Flaw May Let Remote Users Send Malformed Module Requests to Create Root Directories and Files

Source Message Contents

Date: Wed, 5 May 2004 09:42:38 +0200 (CEST)
Subject: cvs pathname validation vulnerabilities



Pathname validation problems have been found in cvs(1), allowing malicious
clients to create files outside the repository, allowing malicious servers
to overwrite files outside the local CVS tree on the client and allowing
clients to check out files outside the CVS repository.


CVE Ids        : CAN-2003-0977 CAN-2004-0180 CAN-2004-0405

The problems have been fixed in OpenBSD-current as well as the 3.5-stable,
3.4-stable and 3.3-stable branches.

Patches are available from:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch

For more information, see:
    http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
    http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC