This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200404-13
(CVS Server and Client Vulnerabilities)
There are two vulnerabilities in CVS
one in the server and one in the
client. The server vulnerability allows a malicious client to request
the contents of any RCS file to which the server has permission, even
those not located under $CVSROOT. The client vulnerability allows a
malicious server to overwrite files on the client machine anywhere the
client has permissions.
Arbitrary files may be read or written on CVS clients and servers by
anybody with access to the CVS tree.
There is no known workaround at this time. All users are encouraged to
upgrade to the latest stable version of CVS.
See also :
All CVS users should upgrade to the latest stable version.
# emerge sync
# emerge -pv '>=dev-util/cvs-1.11.15'
# emerge '>=dev-util/cvs-1.11.15'
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 14478 (gentoo_GLSA-200404-13.nasl)
CVE ID: CVE-2004-0180CVE-2004-0405
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.