RHEL 2.1 : cvs (RHSA-2003:013)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated CVS packages are now available for Red Hat Linux Advanced
Server. These updates fix a vulnerability which would permit arbitrary
command execution on servers configured to allow anonymous read-only
access.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
2.1

CVS is a version control system frequently used to manage source code
repositories. During an audit of the CVS sources, Stefan Esser
discovered an exploitable double-free bug in the CVS server.

On servers which are configured to allow anonymous read-only access,
this bug could be used by anonymous users to gain write privileges.
Users with CVS write privileges can then use the Update-prog and
Checkin-prog features to execute arbitrary commands on the server.

All users of CVS are advised to upgrade to these packages which
contain patches to correct the double-free bug.

Our thanks go to Stefan Esser of e-matters for reporting this issue to
us.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0015.html
http://security.e-matters.de/advisories/012003.html
http://rhn.redhat.com/errata/RHSA-2003-013.html

Solution :

Update the affected cvs package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12351 ()

Bugtraq ID:

CVE ID: CVE-2003-0015