This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated CVS packages are now available for Red Hat Linux Advanced
Server. These updates fix a vulnerability which would permit arbitrary
command execution on servers configured to allow anonymous read-only
[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
CVS is a version control system frequently used to manage source code
repositories. During an audit of the CVS sources, Stefan Esser
discovered an exploitable double-free bug in the CVS server.
On servers which are configured to allow anonymous read-only access,
this bug could be used by anonymous users to gain write privileges.
Users with CVS write privileges can then use the Update-prog and
Checkin-prog features to execute arbitrary commands on the server.
All users of CVS are advised to upgrade to these packages, which
contain patches to correct the double-free bug.
Our thanks go to Stefan Esser of e-matters for reporting this issue to
Update the affected cvs package.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12351
CVE ID: CVE-2003-0015