This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated cvs packages that fix a client vulnerability that could be
exploited by a malicious server are now available.
[Updated Apr 19 2004] The description text has been updated to include
CVE-2004-0405 which was also fixed but not mentioned when this
advisory was first released. There has been no change to the packages
associated with this advisory.
CVS is a version control system frequently used to manage source code
Sebastian Krahmer discovered a flaw in CVS clients where rcs diff
files can create files with absolute pathnames. An attacker could
create a fake malicious CVS server that would cause arbitrary files to
be created or overwritten when a victim connects to it. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0180 to this issue.
Derek Price discovered a vulnerability whereby a CVS pserver could be
abused by a malicious client to view the contents of certain files
outside of the CVS root directory using relative pathnames containing
'../'. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0405 to this issue.
Users of CVS are advised to upgrade to these erratum packages, which
contain a patch correcting this issue.
See also :
Update the affected cvs package.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12484 ()
CVE ID: CVE-2004-0180CVE-2004-0405
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.