发布时间 :2000-04-23 00:00:00
修订时间 :2008-09-10 15:04:10

[原文]Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

[CNNVD]Concurrent Versions Software漏洞(CNNVD-200004-062)

        Concurrent Versions Software(CVS)使用可预测的临时文件名锁定存在漏洞,本地用户可以通过在其他合法的CVS用户使用前生成锁定目录触发拒绝访问。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源

- 漏洞信息

Concurrent Versions Software漏洞
中危 未知
2000-04-23 00:00:00 2010-12-02 00:00:00
        Concurrent Versions Software(CVS)使用可预测的临时文件名锁定存在漏洞,本地用户可以通过在其他合法的CVS用户使用前生成锁定目录触发拒绝访问。

- 公告与补丁


- 漏洞信息 (19870)

CVS 1.10.7 Local Denial of Service Vulnerability (EDBID:19870)
linux local
2000-04-23 Verified
0 Michal Szymanski
N/A [点击下载]

CVS stands for Concurrent Versions Software and is an open-source package designed to allow multiple developers to work concurrently on a single source tree, recording changes and controlling versions. It is possible to cause a denial of service for users of CVS due to predictable temporary filenames. CVS uses locking directories in /tmp and combines the static string 'cvs-serv' with the process ID to use as filenames. This is trivial to guess for an attacker, and since /tmp is world writeable, directories can be created with predicted names. CVS drops root priviliges, so these directories cannot be overwritten and every session for which a locking directory has been already created (by the attacker) will be broken.

The following perl script will create many directories in /tmp with incrementing pids:



for ($x=$min;$x<=$max;$x++) {
open CVSTMP, ">>/tmp/cvs-serv$x" or die "/tmp/cvs-serv$x: $!";
chmod 0600, "/tmp/cvs-serv$x";
close CVSTMP;

- 漏洞信息

CVS Predictable Temp Filename Local DoS
Local Access Required Denial of Service
Loss of Availability Solution Unknown
Exploit Public Third-party Verified, Uncoordinated Disclosure

- 漏洞描述

- 时间线

2000-04-23 Unknow
Unknow Unknow

- 解决方案

OSVDB is not aware of a solution for this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete