CVS pserver Crafted Module Request Arbitrary File / Directory Creation

medium Nessus Plugin ID 11947

Synopsis

The revision control service running on the remote host has an arbitrary file creation vulnerability.

Description

According to its version number, the CVS server running on the remote host may allow an attacker to create directories (and possibly files) at the root of the filesystem where the CVS repository is located.

Solution

Upgrade to CVS 1.11.10 or later.

See Also

https://seclists.org/bugtraq/2003/Dec/183

Plugin Details

Severity: Medium

ID: 11947

File Name: cvs_dir_create.nasl

Version: 1.19

Type: remote

Family: Misc.

Published: 12/11/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/9/2003

Reference Information

CVE: CVE-2003-0977

BID: 9178

MDKSA: MDKSA-2003:112-1