CVS Server Piped Checkout Access Validation Vulnerability

BID:10140

Info

CVS Server Piped Checkout Access Validation Vulnerability

Bugtraq ID: 10140
Class: Access Validation Error
CVE: CVE-2004-0405
Remote: Yes
Local: No
Published: Apr 14 2004 12:00AM
Updated: Jul 12 2009 04:06AM
Credit: This issue was discovered by Derek Robert Price.
Vulnerable: Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0
SGI ProPack 2.4
SGI ProPack 2.3
Netwosix Netwosix Linux 1.1
Netwosix Netwosix Linux 1.0
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.10-PRERELEASE
CVS CVS 1.12.2
+ OpenPKG OpenPKG Current
CVS CVS 1.12.1
+ OpenPKG OpenPKG 1.3
CVS CVS 1.11.14
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
CVS CVS 1.11.11
CVS CVS 1.11.10
CVS CVS 1.11.6
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
CVS CVS 1.11.5
+ OpenPKG OpenPKG 1.2
+ S.u.S.E. Linux Personal 8.2
CVS CVS 1.11.4
CVS CVS 1.11.3
CVS CVS 1.11.2
+ Mandriva Linux Mandrake 9.0
+ Redhat Linux 8.0 i386
+ Redhat Linux 8.0
+ Slackware Linux 8.1
CVS CVS 1.11.1 p1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ OpenBSD OpenBSD 3.5
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2 alpha
+ Redhat Linux 7.2
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ Redhat Linux 7.1
+ Redhat Linux 7.0 sparc
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 7.0
+ Redhat Linux 6.2 sparc
+ Redhat Linux 6.2 i386
+ Redhat Linux 6.2
+ SuSE Linux 8.1
+ SuSE Linux 8.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7+
CVS CVS 1.11.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
CVS CVS 1.11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
CVS CVS 1.10.8
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
CVS CVS 1.10.7
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
Not Vulnerable: CVS CVS 1.12.7
CVS CVS 1.11.15

Discussion

CVS Server Piped Checkout Access Validation Vulnerability

CVS server has been reported prone to an access validation vulnerability. It is reported that the CVS server does not sufficiently validate piped checkouts. The CVS server may honor a request for a piped checkout for a path that resides outside of the cvsroot.

Data that is harvested in this manner may be used to aid in further attacks that are launched against the target server.

Exploit / POC

CVS Server Piped Checkout Access Validation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

CVS Server Piped Checkout Access Validation Vulnerability

Solution:
The vendor has released upgrades to address this and other issues.

SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.

FreeBSD has released an advisory (FreeBSD-SA-04:07.cvs) and patches to address this issue. FreeBSD users are advised to apply these patches as soon as possible. Further information regarding obtaining and applying patches can be found in the referenced advisory. Patches are linked below.

Gentoo has released an advisory GLSA 200404-13 to address this and another issue. Please see the referenced advisory for more information.

Gentoo users are advised to carry out the following commands to update their systems:
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"

Debian has released advisory DSA 486-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Netwosix has released an advisory LNSA-#2004-0011 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-108-02 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:153-09 for their enterprise distribution dealing with this and other issues. Please see the referenced advisory for more information and details on obtaining fixes.

OpenBSD users are urged to follow the instructions contained in the patch files to update their CVS binaries.

SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI
ProPack 3 to address this and other issues. Please see the referenced
advisory for more information.

Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.


CVS CVS 1.11

CVS CVS 1.11.1 p1

CVS CVS 1.11.1

CVS CVS 1.11.10

CVS CVS 1.11.11

CVS CVS 1.11.14

CVS CVS 1.11.2

CVS CVS 1.11.3

CVS CVS 1.11.4

CVS CVS 1.11.5

CVS CVS 1.11.6

CVS CVS 1.12.1

CVS CVS 1.12.2

SGI ProPack 2.3

SGI ProPack 2.4

SGI ProPack 3.0

FreeBSD FreeBSD 4.8 -RELENG

FreeBSD FreeBSD 4.8 -PRERELEASE

FreeBSD FreeBSD 4.8 -RELEASE-p7

FreeBSD FreeBSD 4.8

FreeBSD FreeBSD 4.9

FreeBSD FreeBSD 4.9 -PRERELEASE

References

CVS Server Piped Checkout Access Validation Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report