Mandrake Linux Security Advisory : cvs (MDKSA-2004:028)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Sebastian Krahmer from the SUSE security team discovered a remotely
exploitable vulnerability in the CVS client. When doing a cvs checkout
or update over a network, the client accepts absolute pathnames in the
RCS diff files. A maliciously configured server could then create any
file, including its content, on the local user's disk. This problem
affects all versions of CVS prior to 1.11.15, which fixes it.

The updated packages provide CVS 1.11.14 with the pertinent fix
applied.

Solution :

Update the affected cvs package.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14127 (mandrake_MDKSA-2004-028.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0180
