Mandrake Linux Security Advisory : cvs (MDKSA-2003:112-1)

High Nessus Plugin ID 14094


The remote Mandrake Linux host is missing a security update.


A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository.

Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions.

Update :

The previous updates had an incorrect temporary directory hard-coded in the cvs binary for 9.1 and 9.2. This update corrects the problem.


Update the affected cvs package.

See Also

Plugin Details

Severity: High

ID: 14094

File Name: mandrake_MDKSA-2003-112.nasl

Version: $Revision: 1.19 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cvs, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/12/10

Reference Information

CVE: CVE-2003-0977

MDKSA: 2003:112-1