CVS Server Piped Checkout Access Validation Vulnerability
BID:10140
Info
CVS Server Piped Checkout Access Validation Vulnerability
| Bugtraq ID: | 10140 |
| Class: | Access Validation Error |
| CVE: |
CVE-2004-0405 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | This issue was discovered by Derek Robert Price. |
| Vulnerable: |
Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux -current SGI ProPack 3.0 SGI ProPack 2.4 SGI ProPack 2.3 Netwosix Netwosix Linux 1.1 Netwosix Netwosix Linux 1.0 FreeBSD FreeBSD 4.9 -PRERELEASE FreeBSD FreeBSD 4.9 FreeBSD FreeBSD 4.8 -RELENG FreeBSD FreeBSD 4.8 -RELEASE-p7 FreeBSD FreeBSD 4.8 -PRERELEASE FreeBSD FreeBSD 4.8 FreeBSD FreeBSD 4.7 -STABLE FreeBSD FreeBSD 4.7 -RELENG FreeBSD FreeBSD 4.7 -RELEASE-p17 FreeBSD FreeBSD 4.7 -RELEASE FreeBSD FreeBSD 4.7 FreeBSD FreeBSD 4.6.2 FreeBSD FreeBSD 4.6 -STABLE FreeBSD FreeBSD 4.6 -RELENG FreeBSD FreeBSD 4.6 -RELEASE-p20 FreeBSD FreeBSD 4.6 -RELEASE FreeBSD FreeBSD 4.6 FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07 FreeBSD FreeBSD 4.5 -STABLE FreeBSD FreeBSD 4.5 -RELENG FreeBSD FreeBSD 4.5 -RELEASE-p32 FreeBSD FreeBSD 4.5 -RELEASE FreeBSD FreeBSD 4.5 FreeBSD FreeBSD 4.4 -STABLE FreeBSD FreeBSD 4.4 -RELENG FreeBSD FreeBSD 4.4 -RELENG FreeBSD FreeBSD 4.4 -RELEASE-p42 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.3 -STABLE FreeBSD FreeBSD 4.3 -RELENG FreeBSD FreeBSD 4.3 -RELEASE-p38 FreeBSD FreeBSD 4.3 -RELEASE FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.2 -STABLEpre122300 FreeBSD FreeBSD 4.2 -STABLEpre050201 FreeBSD FreeBSD 4.2 -STABLE FreeBSD FreeBSD 4.2 -RELEASE FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.1.1 -STABLE FreeBSD FreeBSD 4.1.1 -RELEASE FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.0 .x FreeBSD FreeBSD 4.0 -RELENG FreeBSD FreeBSD 4.0 alpha FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 4.10-PRERELEASE CVS CVS 1.12.2 CVS CVS 1.12.1 CVS CVS 1.11.14 CVS CVS 1.11.11 CVS CVS 1.11.10 CVS CVS 1.11.6 CVS CVS 1.11.5 CVS CVS 1.11.4 CVS CVS 1.11.3 CVS CVS 1.11.2 CVS CVS 1.11.1 p1 CVS CVS 1.11.1 CVS CVS 1.11 CVS CVS 1.10.8 CVS CVS 1.10.7 |
| Not Vulnerable: |
CVS CVS 1.12.7 CVS CVS 1.11.15 |
Discussion
CVS Server Piped Checkout Access Validation Vulnerability
CVS server has been reported prone to an access validation vulnerability. It is reported that the CVS server does not sufficiently validate piped checkouts. The CVS server may honor a request for a piped checkout for a path that resides outside of the cvsroot.
Data that is harvested in this manner may be used to aid in further attacks that are launched against the target server.
CVS server has been reported prone to an access validation vulnerability. It is reported that the CVS server does not sufficiently validate piped checkouts. The CVS server may honor a request for a piped checkout for a path that resides outside of the cvsroot.
Data that is harvested in this manner may be used to aid in further attacks that are launched against the target server.
Exploit / POC
CVS Server Piped Checkout Access Validation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
CVS Server Piped Checkout Access Validation Vulnerability
Solution:
The vendor has released upgrades to address this and other issues.
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
FreeBSD has released an advisory (FreeBSD-SA-04:07.cvs) and patches to address this issue. FreeBSD users are advised to apply these patches as soon as possible. Further information regarding obtaining and applying patches can be found in the referenced advisory. Patches are linked below.
Gentoo has released an advisory GLSA 200404-13 to address this and another issue. Please see the referenced advisory for more information.
Gentoo users are advised to carry out the following commands to update their systems:
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"
Debian has released advisory DSA 486-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
Netwosix has released an advisory LNSA-#2004-0011 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Slackware has released an advisory SSA:2004-108-02 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:153-09 for their enterprise distribution dealing with this and other issues. Please see the referenced advisory for more information and details on obtaining fixes.
OpenBSD users are urged to follow the instructions contained in the patch files to update their CVS binaries.
SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI
ProPack 3 to address this and other issues. Please see the referenced
advisory for more information.
Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.
CVS CVS 1.11
CVS CVS 1.11.1 p1
CVS CVS 1.11.1
CVS CVS 1.11.10
CVS CVS 1.11.11
CVS CVS 1.11.14
CVS CVS 1.11.2
CVS CVS 1.11.3
CVS CVS 1.11.4
CVS CVS 1.11.5
CVS CVS 1.11.6
CVS CVS 1.12.1
CVS CVS 1.12.2
SGI ProPack 2.3
SGI ProPack 2.4
SGI ProPack 3.0
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.9 -PRERELEASE
Solution:
The vendor has released upgrades to address this and other issues.
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
FreeBSD has released an advisory (FreeBSD-SA-04:07.cvs) and patches to address this issue. FreeBSD users are advised to apply these patches as soon as possible. Further information regarding obtaining and applying patches can be found in the referenced advisory. Patches are linked below.
Gentoo has released an advisory GLSA 200404-13 to address this and another issue. Please see the referenced advisory for more information.
Gentoo users are advised to carry out the following commands to update their systems:
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"
Debian has released advisory DSA 486-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
Netwosix has released an advisory LNSA-#2004-0011 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Slackware has released an advisory SSA:2004-108-02 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:153-09 for their enterprise distribution dealing with this and other issues. Please see the referenced advisory for more information and details on obtaining fixes.
OpenBSD users are urged to follow the instructions contained in the patch files to update their CVS binaries.
SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI
ProPack 3 to address this and other issues. Please see the referenced
advisory for more information.
Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.
CVS CVS 1.11
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.1 p1
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
Debian cvs_1.11.1p1debian-9woody2_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_alpha.deb -
Debian cvs_1.11.1p1debian-9woody2_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_arm.deb -
Debian cvs_1.11.1p1debian-9woody2_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_hppa.deb -
Debian cvs_1.11.1p1debian-9woody2_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_i386.deb -
Debian cvs_1.11.1p1debian-9woody2_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_ia64.deb -
Debian cvs_1.11.1p1debian-9woody2_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_m68k.deb -
Debian cvs_1.11.1p1debian-9woody2_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_mips.deb -
Debian cvs_1.11.1p1debian-9woody2_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_mipsel.deb -
Debian cvs_1.11.1p1debian-9woody2_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_powerpc.deb -
Debian cvs_1.11.1p1debian-9woody2_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_s390.deb -
Debian cvs_1.11.1p1debian-9woody2_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian- 9woody2_sparc.deb -
OpenBSD 002_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch -
OpenBSD 017_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch -
OpenBSD 022_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch -
RedHat cvs-1.11.1p1-14.legacy.3.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cvs-1.11.1p1- 14.legacy.3.i386.rpm
CVS CVS 1.11.1
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.10
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.11
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.14
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.2
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
RedHat cvs-1.11.2-23.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cvs-1.11.2-23.l egacy.i386.rpm
CVS CVS 1.11.3
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.4
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466
CVS CVS 1.11.5
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
Slackware cvs-1.11.15-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/c vs-1.11.15-i386-1.tgz
CVS CVS 1.11.6
-
CVS cvs-1.11.15.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=466 -
Slackware cvs-1.11.15-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/c vs-1.11.15-i486-1.tgz
CVS CVS 1.12.1
-
CVS cvs-1.12.7.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=468
CVS CVS 1.12.2
-
CVS cvs-1.12.7.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&d lID=468
SGI ProPack 2.3
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0067.tar.gz
SGI ProPack 2.4
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0067.tar.gz
SGI ProPack 3.0
-
SGI patch10075.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/
FreeBSD FreeBSD 4.8 -RELENG
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.8 -PRERELEASE
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.8 -RELEASE-p7
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.8
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.9
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
FreeBSD FreeBSD 4.9 -PRERELEASE
-
FreeBSD cvs.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
References
CVS Server Piped Checkout Access Validation Vulnerability
References:
References:
- CVS Home Page (CVS)
- CVS Release Notes (CVS)
- RHSA-2004:153-09 - Updated CVS packages fix security issue (RedHat)