CVS pserver Crafted Module Request Arbitrary File / Directory Creation

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.


Synopsis :

The revision control service running on the remote host has an
arbitrary file creation vulnerability.

Description :

According to its version number, the CVS server running on the remote
remote host may allow an attacker to create directories (and possibly
files) at the root of the filesystem where the CVS repository is located.

See also :

http://archives.neohapsis.com/archives/bugtraq/2003-12/0188.html

Solution :

Upgrade to CVS 1.11.10 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 11947 (cvs_dir_create.nasl)

Bugtraq ID: 9178

CVE ID: CVE-2003-0977

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial