CVE-2003-0015
CVSS: 7.5
Published: 2003-02-07 00:00:00
Revised: 2016-10-17 22:28:20

[Original] Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.


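[CNNVD] CVS Remote Malformed Directory Request Heap Corruption Vulnerability (CNNVD-200302-010)

        
        Concurrent Versions System (CVS) is an open-source version control system.
        The CVS server code mishandles Directory requests. A remote attacker can exploit this flaw to mount a heap-corruption attack and possibly execute arbitrary commands on the system with the privileges of the CVS process.
        When an attacker sends a malformed directory name to CVS, an error condition is triggered that makes the function free a buffer without allocating a new one. The next Directory request then causes a classic double-free().
        With the help of other CVS requests, it is possible to leak some information that can be used to determine the heap position, or to execute arbitrary code on the system by way of other known vulnerabilities.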
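
The failure mode described above (a global pointer freed on an error path and never reassigned, then freed again by the next Directory request), as an added C example that is not CVS source and not from the advisory. The handler, the validation rule and the sample directory names are hypothetical, and a tracking wrapper counts the repeated release rather than performing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names are hypothetical; this models the bug class, not CVS source. */
static char *dir_name;        /* global buffer kept between Directory requests */
static uintptr_t last_freed;  /* instrumentation: address most recently released */
static int double_frees;      /* instrumentation: repeated releases caught */

/* free() wrapper that records a repeated release instead of performing it. */
static void tracked_free(char *p)
{
    if (p == NULL)
        return;
    if ((uintptr_t)p == last_freed) { double_frees++; return; }
    last_freed = (uintptr_t)p;
    free(p);
}

/* Copy a string; if malloc reuses the tracked address it is live again. */
static char *tracked_dup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    if ((uintptr_t)p == last_freed)
        last_freed = 0;
    return p;
}

/* Constructed validation rule; the page does not say which names are rejected. */
static int name_ok(const char *name)
{
    return name[0] != '\0' && strstr(name, "//") == NULL;
}

/* harden=0 is the flawed shape: the error return leaves dir_name pointing at
 * freed memory. harden=1 clears the pointer in the same step as the free. */
int handle_dir(const char *name, int harden)
{
    tracked_free(dir_name);
    if (harden)
        dir_name = NULL;
    if (!name_ok(name))
        return -1;
    dir_name = tracked_dup(name);
    return dir_name ? 0 : -1;
}

/* Replay valid, rejected, valid requests; return the repeated frees seen. */
int run_sequence(int harden)
{
    const char *requests[] = { "src", "src//x", "lib" };  /* constructed input */
    last_freed = 0;
    double_frees = 0;
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++)
        handle_dir(requests[i], harden);
    tracked_free(dir_name);   /* end of session */
    dir_name = NULL;
    return double_frees;
}

int main(void)
{
    printf("flawed: %d, hardened: %d repeated free(s)\n", run_sequence(0), run_sequence(1));
    return 0;
}
```

Validating the name before releasing the old buffer removes the dangling window as well; clearing the pointer at the free is the smaller change.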
        

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (weakness category)

CWE-415 [Double Free]

- CPE (affected platforms and products)

cpe:/a:cvs:cvs:1.11.4
cpe:/a:cvs:cvs:1.11.3
cpe:/a:cvs:cvs:1.11.2
cpe:/a:cvs:cvs:1.11.1
cpe:/a:cvs:cvs:1.11.1p1
cpe:/a:cvs:cvs:1.10.8
cpe:/a:cvs:cvs:1.11
cpe:/a:cvs:cvs:1.10.7
cpe:/o:freebsd:freebsd:4.6 (FreeBSD 4.6)
cpe:/o:freebsd:freebsd:4.7 (FreeBSD 4.7)
cpe:/o:freebsd:freebsd:5.0 (FreeBSD 5.0)
cpe:/o:freebsd:freebsd:4.4 (FreeBSD 4.4)
cpe:/o:freebsd:freebsd:4.5 (FreeBSD 4.5)

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0015
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0015
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200302-010
(official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
(UNKNOWN)  VULNWATCH  20030120 Advisory 01/2003: CVS remote vulnerability
http://marc.info/?l=bugtraq&m=104333092200589&w=2
(UNKNOWN)  BUGTRAQ  20030122 [security@slackware.com: [slackware-security] New CVS packages available]
http://marc.info/?l=bugtraq&m=104342550612736&w=2
(UNKNOWN)  BUGTRAQ  20030124 Test program for CVS double-free.
http://marc.info/?l=bugtraq&m=104428571204468&w=2
(UNKNOWN)  BUGTRAQ  20030202 Exploit for CVS double free() for Linux pserver
http://marc.info/?l=bugtraq&m=104438807203491&w=2
(UNKNOWN)  FREEBSD  FreeBSD-SA-03:01
http://rhn.redhat.com/errata/RHSA-2003-013.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:013
http://security.e-matters.de/advisories/012003.html
(VENDOR_ADVISORY)  MISC  http://security.e-matters.de/advisories/012003.html
http://www.cert.org/advisories/CA-2003-02.html
(UNKNOWN)  CERT  CA-2003-02
http://www.ciac.org/ciac/bulletins/n-032.shtml
(UNKNOWN)  CIAC  N-032
http://www.debian.org/security/2003/dsa-233
(UNKNOWN)  DEBIAN  DSA-233
http://www.kb.cert.org/vuls/id/650937
(VENDOR_ADVISORY)  CERT-VN  VU#650937
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
(UNKNOWN)  MANDRAKE  MDKSA-2003:009
http://www.redhat.com/support/errata/RHSA-2003-012.html
(UNKNOWN)  REDHAT  RHSA-2003:012
http://www.securityfocus.com/bid/6650
(UNKNOWN)  BID  6650
http://xforce.iss.net/xforce/xfdb/11108
(VENDOR_ADVISORY)  XF  cvs-doublefree-memory-corruption(11108)

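- Vulnerability information

CVS Remote Malformed Directory Request Heap Corruption Vulnerability
High risk, Boundary condition error
2003-02-07 00:00:00 2006-11-06 00:00:00
Remote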

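- Advisories and patches

        Workarounds:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the risk:
        * Apply the third-party patch by Stefan Esser (s.esser@e-matters.de), which makes it possible to turn off Update-prog and Checkin-prog in the configuration file:
        
        http://security.e-matters.de/patches/cvs_disablexprog.diff

        * Run the CVS server chrooted over SSH instead of in the ordinary :pserver: mode:
        
        http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt

        Vendor patches:
        CVS
        ---
        
        http://www.debian.org/security/2003/dsa-233

        Debian
        ------
        Debian has released a security advisory (DSA-233-1) and the corresponding patches for this issue:
        DSA-233-1: New cvs packages fix arbitrary code execution
        Link:
        http://www.debian.org/security/2002/dsa-233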

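        Patch installation:
        1. Install the patch package manually:
         First, download the patch package with the following command:
         # wget url (url is the patch download link)
         Then install the patch with the following command:
         # dpkg -i file.deb (file is the name of the corresponding patch package)
        2. Install the patch package automatically with apt-get:
         First, update the internal database with the following command: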

- Vulnerability information (22187)

CVS 1.11.x Directory Request Double Free Heap Corruption Vulnerability (EDBID:22187)
linux remote
2003-01-20 Verified
0 Stefan Esser
N/A
source: http://www.securityfocus.com/bid/6650/info

CVS is prone to a double free vulnerability in the Directory requests. An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code.

http://www.exploit-db.com/sploits/22187.tar.gz		

- Vulnerability information (F30745)

cvs-1.11.4.txt (PacketStormID:F30745)
2003-01-23 00:00:00
Stefan Esser  security.e-matters.de
advisory,root
CVE-2003-0015

CVS v1.11.4 and below contains a double free bug which allows attackers with read access to execute code on the server by sending a malformed directory name. By default, CVS runs with root privileges. Patch available here.

e-matters GmbH
                          www.e-matters.de

                      -= Security  Advisory =-



     Advisory: CVS remote vulnerability
 Release Date: 2003/01/20
Last Modified: 2003/01/20
       Author: Stefan Esser [s.esser@e-matters.de]

  Application: CVS <= 1.11.4
     Severity: A vulnerability within CVS allows remote compromise of
               CVS servers.
         Risk: Critical
Vendor Status: Vendor has released a bugfixed version.
    Reference: http://security.e-matters.de/advisories/012003.html


Overview:

   Concurrent Versions System (CVS) is the dominant open-source version 
   control software that allows developers to access the latest code using
   a network connection. CVS version 1.11.4 and below contain a flaw that
   can be used by a remote attacker to execute arbitrary code on the server.
      
   You should also note, that the CVS client/server protocol includes two 
   commands (Update-prog and Checkin-prog) that can be used by any CVS user
   with write access to the repository to execute arbitrary shell commands
   on the server. This is a questionable feature, because it is very badly
   documented, is unknown to most CVS administrators and cannot be turned
   off within the configuration files.
   
   
Details:
   
   While auditing the CVS sourcetree I found a flaw within the handling of
   the Directory request within the server code. By sending a malformed 
   directory name it is possible to trigger an error condition that will 
   make the function return at a point where a global pointer variable is 
   already freed and has not got a new value assigned yet. This will result
   in a classical double-free() when the next Directory request is handled.
   With the help of other CVS requests it is possible to either leak some
   information that could be used to determine the heap position or to
   execute arbitrary code on systems that are known to be vulnerable to
   this kind of bugs. This includes Linux, Solaris and most probably Windows
   systems. 
   
   Additionally I was able to create proof of concept code that uses this
   vulnerability to execute arbitrary shell commands on BSD servers. I was
   able to achieve this because all allocated memory is aligned on BSD 
   systems which makes it very easy to get newly allocated memory blocks 
   into the same position of already freed blocks of the same slotsize.
   In combination with some CVS requests that work on lists of pointers,
   I was able to use this bug to free arbitrary memory addresses. With the
   help of the information leak capabilities of this vulnerability it is 
   possible to guess the address of some strings that are needed for the 
   read/write access checks. Combined this allows to bypass the write 
   access checks and to abuse the Update-prog/Checkin-prog requests to 
   execute arbitrary commands on the server with an anonymous read-only
   account.
   
   The impact of this vulnerability depends highly on the configuration of
   the server. The CVS server is by default started via inetd with root 
   privileges. If CVSROOT/passwd is left writeable to the CVS user this means
   a remote root compromise. You must also consider that chrooting the CVS
   daemon may protect the rest of your system against the intruder but will
   still leave the whole source tree vulnerable to the attacker. 

   Summarized this means that this vulnerability is a threat to most open
   source projects because nearly all of them offer anonymous CVS access to
   the source tree. Even if the attacker is not able to extend his attack
   on the developer CVS server (if it is separated at all) he could still
   backdoor everything other people download from the anonymous server.


Proof of Concept:

   e-matters is not going to release an exploit for this vulnerability to
   the public.
   

Disclosure Timeline:

   04. January 2003 - Vendor was notified via email. Unfortunately the
                      person that I tried to contact was on vacation, so I
                      received no answer.
   12. January 2003 - The vulnerability was disclosed to the admins of several
                      big public CVS repositories and to some distributors.
   15. January 2003 - Vendor has committed the fix to the CVS CVS repository.
   16. January 2003 - Vendor-sec was notified that a new bugfixed CVS version
                      will be released on 20th January.
   20. January 2003 - Vendor has released a new version which fixes the double
                      free problem. You can download it at:
                      http://ccvs.cvshome.org/servlets/ProjectDownloadList

   
CVE Information:

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CAN-2003-0015 to this issue.


Recommendation:

   My recommendation is to immediately update to the new version. You may also
   consider applying my patch which adds the ability to turn off Update-prog
   and Checkin-prog within your configuration files. You can download it from
   
   http://security.e-matters.de/patches/cvs_disablexprog.diff
   
   You should also consider running your CVS server chrooted over SSH instead
   of using the :pserver: method. You can find a tutorial how to setup such a
   server at
   
   http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt
   
   
GPG-Key:

   http://security.e-matters.de/gpg_key.asc
    
   pub  1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam
   Key fingerprint = 43DD 843C FAB9 832A E5AB  CAEB 81F2 8110 75E7 AAD6


Copyright 2003 Stefan Esser. All rights reserved.

-- 

--------------------------------------------------------------------------
 Stefan Esser                                        s.esser@e-matters.de
 e-matters Security                         http://security.e-matters.de/

 GPG-Key                gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 
 Key fingerprint       B418 B290 ACC0 C8E5 8292  8B72 D6B0 7704 CF6C AE69
--------------------------------------------------------------------------
 Did I help you? Consider a gift:            http://wishlist.suspekt.org/
--------------------------------------------------------------------------

    

- Vulnerability information

3227
CVS Malformed Directory Request Double-free Privilege Escalation
Input Manipulation
Loss of Integrity Upgrade
Exploit Commercial Vendor Verified

- Vulnerability description

CVS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user with write access to the repository sends a malformed directory name and makes special use of the "update-prog" and "checkin-prog" commands to execute arbitrary code on the server with the privileges of the running CVS server. If CVSROOT/passwd has been left as writeable this results in a root compromise. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.

- Timeline

2003-12-29 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.11.11 (stable) or 1.12.5 (feature) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

CVS Directory Request Double Free Heap Corruption Vulnerability
Boundary Condition Error 6650
Yes No
2003-01-20 12:00:00 2009-07-11 07:17:00
This vulnerability was discovered by Stefan Esser of e-matters.

- Affected software versions

Sun Linux 5.0.3
Sun Cobalt RaQ XTR
Sun Cobalt RaQ 550
Sun Cobalt RaQ 4
Sun Cobalt RaQ 3
Sun Cobalt RaQ 2
Sun Cobalt Qube 3
Sun Cobalt Qube 2
Sun Cobalt CacheRaQ 4
Sun Cobalt CacheRaQ 3
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4
CVS CVS 1.11.4
CVS CVS 1.11.3
CVS CVS 1.11.2
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Slackware Linux 8.1
CVS CVS 1.11.1 p1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ OpenBSD OpenBSD 3.5
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ Red Hat Linux 6.2
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7+
CVS CVS 1.11.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
CVS CVS 1.11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
CVS CVS 1.10.8
+ Conectiva Linux 6.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
CVS CVS 1.10.7
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
CrossWind CyberScheduler 1.10.7

- Unaffected software versions

CVS CVS 1.11.5
+ OpenPKG OpenPKG 1.2
+ S.u.S.E. Linux Personal 8.2

- Vulnerability discussion

CVS is prone to a double free vulnerability in the Directory requests. An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code.

- Exploit

It has been reported that a working exploit has been developed by Stefan Esser, but has not been made publicly available.

A program has been released, by Joe Testa <Joe_Testa@rapid7.com>, which is designed to verify vulnerable CVS installations. Further details can be found in the attached reference.

An exploit was also provided by Igor Dobrovitski <noident@mad.scientist.com>.

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

- Solution

Gentoo Linux has released an advisory. Users who have installed dev-util/cvs are advised to upgrade their systems to cvs-1.11.5 by issuing the following commands:

emerge sync
emerge -u cvs
emerge clean

This issue has been addressed in CVS 1.11.5.

Cray OS versions 3.3 and earlier are vulnerable to this issue. Users of COS are advised to contact their local Cray service representative for fixes.

IBM AIX has a fix for CVS shipped with the Linux Affinity Toolbox. Users are advised to download CVS 1.11.1p1-3 from the following site:
ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/cvs/cvs-1.11.1p1-3.aix4.3.ppc.rpm

Sun has released a fix to address this issue in Sun Linux 5.0.3. Users are advised to upgrade as soon as possible.

Conectiva Linux has released an updated security advisory containing new fixes. It has been reported that the old fixes introduced problems in CVS. Users are advised to apply the latest fixes as soon as possible.

OpenBSD has made patches available which address this issue.

FreeBSD has released an advisory with patch information. Users are advised to upgrade to 4.7-STABLE or the appropriate CVS branch dated after the correction date or to install the appropriate patch:

2003-01-21 22:26:46 UTC (RELENG_4)
2003-02-04 18:05:07 UTC (RELENG_5_0)
2003-02-04 18:07:20 UTC (RELENG_4_7)
2003-02-04 18:08:26 UTC (RELENG_4_6)

Fixes are available:


CVS CVS 1.10.7

CrossWind CyberScheduler 1.10.7

CVS CVS 1.10.8

CVS CVS 1.11

CVS CVS 1.11.1 p1

CVS CVS 1.11.1

CVS CVS 1.11.2

CVS CVS 1.11.3

CVS CVS 1.11.4

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 4.7

FreeBSD FreeBSD 5.0

Sun Linux 5.0.3
