CVS Client RCS Diff File Corruption Vulnerability

BID:10138

Info

CVS Client RCS Diff File Corruption Vulnerability

Bugtraq ID: 10138
Class: Access Validation Error
CVE: CVE-2004-0180
Remote: Yes
Local: No
Published: Apr 14 2004 12:00AM
Updated: Jul 12 2009 04:06AM
Credit: Discovery of this vulnerability has been credited to Sebastian Krahmer.
Vulnerable: Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0
SGI ProPack 2.4
SGI ProPack 2.3
Redhat Fedora Core1
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1
Redhat cvs-1.11.2-10.i386.rpm
+ Redhat Linux 9.0 i386
Redhat Advanced Workstation for the Itanium Processor 2.1
Netwosix Netwosix Linux 1.1
Netwosix Netwosix Linux 1.0
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.10-PRERELEASE
CVS CVS 1.12.5
+ OpenPKG OpenPKG 2.0
CVS CVS 1.12.2
+ OpenPKG OpenPKG Current
CVS CVS 1.12.1
+ OpenPKG OpenPKG 1.3
CVS CVS 1.11.14
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
CVS CVS 1.11.11
CVS CVS 1.11.10
CVS CVS 1.11.6
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
CVS CVS 1.11.5
+ OpenPKG OpenPKG 1.2
+ S.u.S.E. Linux Personal 8.2
CVS CVS 1.11.4
CVS CVS 1.11.3
CVS CVS 1.11.2
+ Mandriva Linux Mandrake 9.0
+ Redhat Linux 8.0 i386
+ Redhat Linux 8.0
+ Slackware Linux 8.1
CVS CVS 1.11.1 p1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ OpenBSD OpenBSD 3.5
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2 alpha
+ Redhat Linux 7.2
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ Redhat Linux 7.1
+ Redhat Linux 7.0 sparc
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 7.0
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2
+ SuSE Linux 8.1
+ SuSE Linux 8.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7+
CVS CVS 1.11.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
CVS CVS 1.11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
CVS CVS 1.10.8
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
CVS CVS 1.10.7
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
Not Vulnerable: CVS CVS 1.12.7
CVS CVS 1.11.15

Discussion

CVS Client RCS Diff File Corruption Vulnerability

A vulnerability has been discovered in the CVS client. It is reported that a problem in the revision control system (RCS) diff files may allow an attacker to create an arbitrary file on a remote system. The file will be created with the privileges of the user who is invoking the CVS client.

Exploit / POC

CVS Client RCS Diff File Corruption Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

CVS Client RCS Diff File Corruption Vulnerability

Solution:
The vendor has released updates to address this and other issues. Fixes are linked below.

SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.

FreeBSD has released an advisory (FreeBSD-SA-04:07.cvs) and patches to address this issue. FreeBSD users are advised to apply these patches as soon as possible. Further information regarding obtaining and applying patches can be found in the referenced advisory. Patches are linked below.

Red Hat has released an advisory (RHSA-2004:154-06) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

OpenPKG has released an advisory (OpenPKG-SA-2004.013) and fixes to address this issue. OpenPKG users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory. Fixes are linked below.

Red Hat has released an advisory (RHSA-2004:153-07) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

SuSE has released an advisory (SuSE-SA:2004:008) and fixes to address this issue. SuSE users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Red Hat has released an advisory (RHSA-2004:154-01) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Mandrake has released an advisory (MDKSA-2004:028) and fixes to address this issue. Mandrake users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Gentoo has released an advisory GLSA 200404-13 to address this and another issue. Please see the referenced advisory for more information.

Gentoo users are advised to carry out the following commands to update their systems:
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"

Debian has released advisory DSA 486-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Netwosix has released an advisory LNSA-#2004-0011 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-108-02 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:153-09 for their enterprise distribution dealing with this and other issues. Please see the referenced advisory for more information and details on obtaining fixes.

OpenBSD users are urged to follow the instructions contained in the patch files to update their CVS binaries.

Red Hat Fedora has released advisory FEDORA-2004-110 dealing with this issue. Please see the referenced advisory for further information.

SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI
ProPack 3 to address this and other issues. Please see the referenced
advisory for more information.

Turbolinux has released advisory TLSA-2004-15 dealing with this issue. Please see the referenced advisory for further information.

Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.

An upgrade for CVS on the Immunix Linux platform has been released.


Redhat Fedora Core1

CVS CVS 1.11

CVS CVS 1.11.1 p1

CVS CVS 1.11.1

CVS CVS 1.11.10

CVS CVS 1.11.11

CVS CVS 1.11.14

CVS CVS 1.11.2

CVS CVS 1.11.3

CVS CVS 1.11.4

CVS CVS 1.11.5

CVS CVS 1.11.6

CVS CVS 1.12.1

CVS CVS 1.12.2

CVS CVS 1.12.5

SGI ProPack 2.3

SGI ProPack 2.4

SGI ProPack 3.0

FreeBSD FreeBSD 4.8 -RELENG

FreeBSD FreeBSD 4.8 -PRERELEASE

FreeBSD FreeBSD 4.8 -RELEASE-p7

FreeBSD FreeBSD 4.8

FreeBSD FreeBSD 4.9

FreeBSD FreeBSD 4.9 -PRERELEASE

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report