CVS < 1.11.10 / 1.12.3 pserver Crafted Module Request Arbitrary File / Directory Creation

Nessus Network Monitor Plugin ID 1180 (Medium)

Synopsis

The remote host allows unauthorized users to create or modify files/directories.

Description

The remote CVS server, according to its version number, may allow an attacker to create directories and possibly files at the root of the filesystem holding the CVS repository.

Solution

Upgrade CVS to 1.11.10, 1.12.3 or later.

See Also

http://archives.neohapsis.com/archives/bugtraq/2003-12/0188.html

Plugin Details

Severity: Medium

ID: 1180

Family: Generic

Published: 2004/08/20

Modified: 2016/01/21

Nessus ID: 11947

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2003-0977

BID: 9178