CVS < 1.11.10 / 1.12.3 pserver Crafted Module Request Arbitrary File / Directory Creation

Severity: Medium. Nessus Network Monitor Plugin ID 1180

Synopsis

The remote host allows unauthorized users to create or modify files/directories.

Description

The remote CVS server, according to its version number, may allow an attacker to create directories and possibly files at the root of the filesystem holding the CVS repository.

Solution

Upgrade CVS to 1.11.10, 1.12.3 or later.

See Also

http://archives.neohapsis.com/archives/bugtraq/2003-12/0188.html

Plugin Details

Severity: Medium

ID: 1180

Family: Generic

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11947

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cvs:cvs

Reference Information

CVE: CVE-2003-0977

BID: 9178