Detections
Analytics

CVSTrac chdir() chroot Jail Escape

medium Nessus Plugin ID 14288

Language:

Synopsis

The remote web server is affected by a privilege escalation vulnerability.

Description

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS.

This version contains a flaw related to the chdir() function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web root.

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.

Solution

Update to version 1.1.4 or later as this reportedly fixes the issue.

See Also

http://www.cvstrac.org/cvstrac/tktview?tn=111

http://www.cvstrac.org/cvstrac/chngview?cn=186

Plugin Details

Severity: Medium

ID: 14288

File Name: cvstrac_jail_escape.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 8/17/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

Vulnerability Publication Date: 8/27/2002