[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] cvs remote exploit
- To: linux-security
- Subject: [linux-security] cvs remote exploit
- From: Martin Siegert <siegert@sfu.ca>
- Date: Fri, 28 Feb 2003 19:17:14 -0800
- User-Agent: Mutt/1.4i
Topic
=====
remote exploit in cvs
Problem Description
===================
Concurrent Versions System (CVS) is the dominant open-source version
control software that allows developers to access the latest code using
a network connection. Two problems exist with CVS versions 1.11.4 and
earlier:
The first is an exploitable double free() bug within the server, which
can be used to execute arbitray code on the CVS server. To accomplish
this, the attacker must have an anonymous read-only login to the CVS
server. The second vulnerability is with the Checkin-prog and
Update-prog commands. If a client has write permission, he can use
these commands to execute programs outside of the scope of CVS, the
output of which will be sent as output to the client.
Affected Versions
=================
cvs-1.11.4 and earlier
Solution
========
upgrade to version 1.11.5 (or patched version for your distribution)
RedHat 6.x
----------
rpm -Fvh cvs-1.11.1p1-8.6.i386.rpm
RedHat 7.x
----------
rpm -Fvh cvs-1.11.1p1-8.7.src.rpm
RedHat 8.0
----------
rpm -Fvh cvs-1.11.2-8.i386.rpm
Debian 2.2 (potato)
-------------------
upgrade to cvs_1.10.7-9.2_i386.deb
Debian 3.0 (woody)
------------------
upgrade to cvs_1.11.1p1debian-8.1_i386.deb
Mandrake 7.2, 8.x, 9.0
----------------------
rpm -Fvh cvs-1.11.4-2.2mdk.i586.rpm
SuSE-7.1
--------
rpm -Fvh cvs-1.11-230.i386.rpm
SuSE-7.2
--------
rpm -Fvh cvs-1.11-231.i386.rpm
SuSE-7.3
--------
rpm -Fvh cvs-1.11-230.i386.rpm
SuSE-8.0
--------
rpm -Fvh cvs-1.11.1p1-235.i386.rpm
SuSE-8.1
--------
rpm -Fvh cvs-1.11.1p1-235.i586.rpm
Caldera OpenLinux 3.1, 3.1.1 Server, Workstation
------------------------------------------------
rpm -Fvh cvs-1.11-9.i386.rpm cvs-doc-ps-1.11-9.i386.rpm