Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0977

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0977
Last Modified 21 Aug 2010 12:17:28
Published 05 Jan 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0977

Summary

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

Vulnerable Systems

Operating System

  • Slackware Linux 8.1

  • Slackware Linux 9.0

  • Slackware Linux 9.1

Application

  • Cvs 1.10.7

  • Cvs 1.10.8

  • Cvs 1.11

  • Cvs 1.11.1

  • Cvs 1.11.1 P1

  • Cvs 1.11.2

  • Cvs 1.11.3

  • Cvs 1.11.4

  • Cvs 1.11.5

  • Cvs 1.11.6


References

DEBIAN - DSA-422

CONFIRM - http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1

XF - cvs-module-file-manipulation(13929)

REDHAT - RHSA-2004:004

REDHAT - RHSA-2004:003

SGI - 20040103-01-U

MANDRAKE - MDKSA-2003:112

SECUNIA - 10601

BUGTRAQ - 20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability

BUGTRAQ - 20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)

CONECTIVA - CLA-2004:808

SGI - 20040202-01-U


Last Updated: 27 May 2016 10:38:07