CVS Unsafe Temporary Files in 'cvsbug' May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1014857 |
|
SecurityTracker URL: http://securitytracker.com/id/1014857
|
|
CVE Reference: CVE-2005-2693
|
Updated: Jun 8 2008
|
Original Entry Date: Sep 6 2005
|
Impact:
Execution of arbitrary code via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.12.12 and prior versions
|
Description:
A vulnerability was reported in CVS. A local user may be able to obtain elevated privileges on the target system.
The cvsbug application uses temporary files in an unsafe manner. A local user can cause arbitrary instructions to be executed when a target user runs cvsbug. The instructions will be executed with the privileges of the user running cvsbug.
Josh Bressers reported this vulnerability.
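The class of flaw described above, shown as an added example that is neither cvsbug's code nor the vendor fix: a predictable temporary file name next to a hardened replacement in POSIX shell. The function names and the `bugreport.` prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not taken from cvsbug.

# Weak (for contrast): a predictable name in a world-writable directory.
# Any local user can create this path first, as a file or as a symlink,
# and the script will then read or write whatever was planted there.
weak_tmp_name() {
    printf '%s/p%s\n' "${TMPDIR:-/tmp}" "$$"
}

# Hardened: mktemp -d creates a directory with an unpredictable name in one
# atomic step; umask 077 keeps everything inside private to the caller.
make_private_tmpdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/bugreport.XXXXXXXXXX" )
}

# Create a new file only if nothing exists at that path. With noclobber
# (set -C) the shell refuses to write through an existing file or symlink.
create_exclusive() {
    ( set -C; umask 077; : > "$1" ) 2>/dev/null
}

# Demo on constructed paths: the body runs in a subshell so the EXIT trap
# removes the private directory even if a step fails.
demo() (
    dir=$(make_private_tmpdir) || exit 1
    trap 'rm -rf "$dir"' EXIT
    create_exclusive "$dir/report" && echo "created $dir/report"
    ln -s "$dir/report" "$dir/planted"   # stand-in for a pre-planted link
    create_exclusive "$dir/planted" || echo "refused existing path $dir/planted"
)
demo
```

Scripts that cannot rely on `mktemp` can still combine a private directory with `set -C`, but a predictable name directly under `/tmp` stays unsafe whatever checks come before the write.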
|
Impact:
A local user may be able to obtain the privileges of the user running 'cvsbug' on the target system.
|
Solution:
No upstream solution was available at the time of the original entry.
Red Hat has issued a fix for Red Hat Enterprise Linux:
https://rhn.redhat.com/errata/RHSA-2005-756.html
FreeBSD has issued a fix for FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
|
Vendor URL: www.nongnu.org/cvs/
|
Cause:
Access control error, State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 6 Sep 2005 14:51:17 -0400
Subject: CVS vulnerability
|
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366
CVE: CAN-2005-2693
|
|