Debian DSA-117-1 : cvs - improper variable initialization

medium Nessus Plugin ID 14954

Synopsis

The remote Debian host is missing a security-related update.

Description

Kim Nielsen recently found an internal problem with the CVS server and reported it to the vuln-dev mailing list. The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and may be running under a remote user id. It is not yet clear whether the remote account can be exposed, though.

Solution

Upgrade the CVS package.

This problem has been fixed in version 1.10.7-9 for the stable Debian distribution, with the help of Niels Heinen, and in versions newer than 1.11.1p1debian-3 for the testing and unstable distributions of Debian (not yet uploaded, though).

See Also

http://www.debian.org/security/2002/dsa-117

Plugin Details

Severity: Medium

ID: 14954

File Name: debian_DSA-117.nasl

Version: 1.16

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:cvs, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/5/2002

Reference Information

CVE: CVE-2002-0092

DSA: 117