CVS pserver CVSROOT Passwd File Arbitrary Code Execution

high Nessus Network Monitor Plugin ID 1181

Synopsis

An attacker may execute arbitrary commands on the remote system.

Description

According to its version number, the remote CVS server might allow an attacker to execute arbitrary commands on the remote system, because CVS does not drop root privileges properly.

Solution

Upgrade to the most recent version of CVS.

See Also

http://www.nessus.org/u?b3bb9c46

Plugin Details

Severity: High

ID: 1181

Family: Generic

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11970

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Reference Information

BID: 9306