Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CVS < 1.11.10 / 1.12.3 pserver Crafted Module Request Arbitrary File / Directory Creation

Medium

Synopsis

The remote host allows unauthorized users to create or modify files/directories.

Description

The remote CVS server, according to its version number, may allow an attacker to create directories and possibly files at the root of the filesystem holding the CVS repository.

Solution

Upgrade CVS to 1.11.10, 1.12.3 or later.