Detections
Analytics

FreeBSD : CVS path validation errors (0792e7a7-8e37-11d8-90d1-0020ed76ef5a)

medium Nessus Plugin ID 36645

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which files to update. In another case, the CVS server accepts relative path names from the client when determining which files to transmit, including those containing references to parent directories (`../').

These programming errors generally only have a security impact when dealing with remote CVS repositories.

A malicious CVS server may cause a CVS client to overwrite arbitrary files on the client's system.

A CVS client may request RCS files from a remote system other than those in the repository specified by $CVSROOT. These RCS files need not be part of any CVS repository themselves.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?c76295b2

http://www.nessus.org/u?32028ddd

Plugin Details

Severity: Medium

ID: 36645

File Name: freebsd_pkg_0792e7a78e3711d890d10020ed76ef5a.nasl

Version: 1.13

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cvs%2bipv6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/14/2004

Vulnerability Publication Date: 4/14/2004

Reference Information

CVE: CVE-2004-0180, CVE-2004-0405

FreeBSD: SA-04:07.cvs