Mandrake Linux Security Advisory : cvs (MDKSA-2003:112-1)

high Nessus Plugin ID 14094

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A vulnerability was discovered in CVS server versions prior to 1.11.10 in which a malformed module request could cause the server to attempt to create directories, and possibly files, at the root of the filesystem holding the CVS repository.

Updated packages are available that fix the vulnerability by providing CVS 1.11.10 on all supported distributions.

Update:

The previous updates had an incorrect temporary directory hard-coded in the cvs binary for Mandrake Linux 9.1 and 9.2. This update corrects the problem.

Solution

Update the affected cvs package.

See Also

http://www.nessus.org/u?534d3f6a

Plugin Details

Severity: High

ID: 14094

File Name: mandrake_MDKSA-2003-112.nasl

Version: 1.22

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cvs, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/10/2003

Reference Information

CVE: CVE-2003-0977

MDKSA: 2003:112-1