CVE-2004-0180
CVSS 2.6
Published: 2004-06-01 00:00:00
Last revised: 2016-10-17 22:41:30

[Original] The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.


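[CNNVD] CVS Client RCS Diff Client-Side File Overwrite Vulnerability (CNNVD-200406-009)

        Concurrent Versions System (CVS) is an open-source version control system.
        The CVS client does not sufficiently validate path names. A remote attacker can exploit this by supplying malicious CVS server messages, causing arbitrary files to be created on the client.
        The problem is that during update or checkout operations the CVS server can supply absolute path names in RCS diffs; when the client processes them, arbitrary files can be created on the client system.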
        

- CVSS (base score)

CVSS score: 2.6 [LOW]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available.

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9462: The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute...
oval:org.mitre.oval:def:1042: Malicious CVS Server RCS diff File Vulnerability in CVS Client
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0180
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0180
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200406-009
(Official data source) CNNVD

- Other links and resources

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
(VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-04:07
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
(UNKNOWN)  CONFIRM  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
(UNKNOWN)  SGI  20040404-01-U
http://marc.info/?l=bugtraq&m=108636445031613&w=2
(UNKNOWN)  FEDORA  FEDORA-2004-1620
http://security.gentoo.org/glsa/glsa-200404-13.xml
(UNKNOWN)  GENTOO  GLSA-200404-13
http://www.debian.org/security/2004/dsa-486
(VENDOR_ADVISORY)  DEBIAN  DSA-486
http://www.mandriva.com/security/advisories?name=MDKSA-2004:028
(UNKNOWN)  MANDRAKE  MDKSA-2004:028
http://www.redhat.com/support/errata/RHSA-2004-153.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:153
http://www.redhat.com/support/errata/RHSA-2004-154.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:154
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181
(UNKNOWN)  SLACKWARE  SSA:2004-108-02
http://xforce.iss.net/xforce/xfdb/15864
(UNKNOWN)  XF  cvs-rcs-create-files(15864)

- Vulnerability information

CVS Client RCS Diff Client-Side File Overwrite Vulnerability
Low risk  Access validation error
2004-06-01 00:00:00 2005-10-28 00:00:00
Remote
        
        

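- Advisories and patches

        Vendor patches:
        CVS
        ---
        The vendor has released upgrade patches that fix this security issue. Download them from the vendor's home page: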
        CVS CVS 1.11:
        CVS Upgrade cvs-1.11.15.tar.gz
        
        http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=466

        CVS Upgrade cvs-1.12.7.tar.gz
        
        http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=468

        Debian
        ------
        Debian has released a security advisory (DSA-486-1) and corresponding patches for this issue:
        DSA-486-1: New cvs packages fix multiple vulnerabilities
        Link:
        http://www.debian.org/security/2002/dsa-486

        Patch download:
        Source archives:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.dsc

        Size/MD5 checksum: 693 28b69f2fb8220898ca67c01315100f34
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.diff.gz

        Size/MD5 checksum: 52099 91792f8108528075bcf13b065875b4db
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz

        Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205
        Alpha architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_alpha.deb

        Size/MD5 checksum: 1178632 ad23bcdf83e3ce5253e0f1d7741600b8
        ARM architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_arm.deb

        Size/MD5 checksum: 1105142 143e7fd0c40a86cf34ec5a6b174fcd18
        Intel IA-32 architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_i386.deb

        Size/MD5 checksum: 1094930 20f380681501e6a2da820404e0198d05
        Intel IA-64 architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_ia64.deb

        Size/MD5 checksum: 1270908 c84aeccd424b890744f8aade97965b3f
        HP Precision architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_hppa.deb

        Size/MD5 checksum: 1147238 600d2778f0e8ab62f8194bc3fed09b23
        Motorola 680x0 architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_m68k.deb

        Size/MD5 checksum: 1065546 7199eddc8e0cb9e2e6a62e041d7257dd
        Big endian MIPS architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_mips.deb

        Size/MD5 checksum: 1129628 c193b5312150906f08e5f0f9f262a053
        Little endian MIPS architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_mipsel.deb

        Size/MD5 checksum: 1130946 d5e64bbf877d7875777b9a144e00f909
        PowerPC architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_powerpc.deb

        Size/MD5 checksum: 1116088 fca673b8d53f571a341502c569225609
        IBM S/390 architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_s390.deb

        Size/MD5 checksum: 1096904 7c22f2848da99ac592490ea23e71b8e3
        Sun Sparc architecture:
        
        http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_sparc.deb

        Size/MD5 checksum: 1107142 e2d10b43bcf8619e114365c389878936
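        Patch installation:
        1. Install the patch package manually:
         First, download the patch with the following command:
         # wget url (url is the patch download link)
         Then install the patch with the following command:
         # dpkg -i file.deb (file is the name of the corresponding patch)
        2. Install the patch package automatically with apt-get:
         First, update the internal package database with the following command:
         # apt-get update

         Then install the updated packages with the following command:
         # apt-get upgrade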
        FreeBSD
        -------
        
        http://www.debian.org/security/2004/dsa-486

        RedHat
        ------
        RedHat has released a security advisory (RHSA-2004:154-01) and corresponding patches for this issue:
        RHSA-2004:154-01: Updated CVS packages fix security issue
        Link: https://www.redhat.com/support/errata/RHSA-2004-154.html
        Patch download:
        SRPMS:
        ftp://updates.redhat.com/9/en/os/SRPMS/cvs-1.11.2-17.src.rpm
        i386:
        ftp://updates.redhat.com/9/en/os/i386/cvs-1.11.2-17.i386.rpm

- Vulnerability information

5367
CVS pserver RCS Diff Absolute Path Arbitrary File Creation/Overwrite

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-04-15 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.11.15, 1.12.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

CVS Client RCS Diff File Corruption Vulnerability
Access Validation Error 10138
Yes No
2004-04-14 12:00:00 2009-07-12 04:06:00
Discovery of this vulnerability has been credited to Sebastian Krahmer.

- Affected program versions

Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0
SGI ProPack 2.4
SGI ProPack 2.3
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat cvs-1.11.2-10.i386.rpm
+ RedHat Linux 9.0 i386
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1
Netwosix Netwosix Linux 1.1
Netwosix Netwosix Linux 1.0
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.10-PRERELEASE
CVS CVS 1.12.5
+ OpenPKG OpenPKG 2.0
CVS CVS 1.12.2
+ OpenPKG OpenPKG Current
CVS CVS 1.12.1
+ OpenPKG OpenPKG 1.3
CVS CVS 1.11.14
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
CVS CVS 1.11.11
CVS CVS 1.11.10
CVS CVS 1.11.6
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
CVS CVS 1.11.5
+ OpenPKG OpenPKG 1.2
+ S.u.S.E. Linux Personal 8.2
CVS CVS 1.11.4
CVS CVS 1.11.3
CVS CVS 1.11.2
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Slackware Linux 8.1
CVS CVS 1.11.1 p1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ OpenBSD OpenBSD 3.5
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ Red Hat Linux 6.2
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7+
CVS CVS 1.11.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
CVS CVS 1.11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
CVS CVS 1.10.8
+ Conectiva Linux 6.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
CVS CVS 1.10.7
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
CVS CVS 1.12.7
CVS CVS 1.11.15

- Unaffected program versions

CVS CVS 1.12.7
CVS CVS 1.11.15

- Vulnerability discussion

A vulnerability has been discovered in the CVS client. It is reported that a problem in the revision control system (RCS) diff files may allow an attacker to create an arbitrary file on a remote system. The file will be created with the privileges of the user who is invoking the CVS client.

- Exploitation

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released updates to address this and other issues. Fixes are linked below.

SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.

FreeBSD has released an advisory (FreeBSD-SA-04:07.cvs) and patches to address this issue. FreeBSD users are advised to apply these patches as soon as possible. Further information regarding obtaining and applying patches can be found in the referenced advisory. Patches are linked below.

Red Hat has released an advisory (RHSA-2004:154-06) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

OpenPKG has released an advisory (OpenPKG-SA-2004.013) and fixes to address this issue. OpenPKG users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory. Fixes are linked below.

Red Hat has released an advisory (RHSA-2004:153-07) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

SuSE has released an advisory (SuSE-SA:2004:008) and fixes to address this issue. SuSE users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Red Hat has released an advisory (RHSA-2004:154-01) and fixes to address this issue. Red Hat users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Mandrake has released an advisory (MDKSA-2004:028) and fixes to address this issue. Mandrake users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Gentoo has released an advisory GLSA 200404-13 to address this and another issue. Please see the referenced advisory for more information.

Gentoo users are advised to carry out the following commands to update their systems:
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.15"
# emerge ">=dev-util/cvs-1.11.15"

Debian has released advisory DSA 486-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Netwosix has released an advisory LNSA-#2004-0011 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.

Slackware has released an advisory SSA:2004-108-02 with fix information to address this and another issue in CVS. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:153-09 for their enterprise distribution dealing with this and other issues. Please see the referenced advisory for more information and details on obtaining fixes.

OpenBSD users are urged to follow the instructions contained in the patch files to update their CVS binaries.

Red Hat Fedora has released advisory FEDORA-2004-110 dealing with this issue. Please see the referenced advisory for further information.

SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI ProPack 3 to address this and other issues. Please see the referenced advisory for more information.

Turbolinux has released advisory TLSA-2004-15 dealing with this issue. Please see the referenced advisory for further information.

Red Hat Fedora Legacy advisory FLSA-2004:1620 has been released dealing with this and other issues for Red Hat 7.3 and 9.0. Please see the referenced advisory for more information.

An upgrade for CVS on the Immunix Linux platform has been released.


Red Hat Fedora Core1

CVS CVS 1.11

CVS CVS 1.11.1 p1

CVS CVS 1.11.1

CVS CVS 1.11.10

CVS CVS 1.11.11

CVS CVS 1.11.14

CVS CVS 1.11.2

CVS CVS 1.11.3

CVS CVS 1.11.4

CVS CVS 1.11.5

CVS CVS 1.11.6

CVS CVS 1.12.1

CVS CVS 1.12.2

CVS CVS 1.12.5

SGI ProPack 2.3

SGI ProPack 2.4

SGI ProPack 3.0

FreeBSD FreeBSD 4.8 -RELENG

FreeBSD FreeBSD 4.8 -PRERELEASE

FreeBSD FreeBSD 4.8 -RELEASE-p7

FreeBSD FreeBSD 4.8

FreeBSD FreeBSD 4.9

FreeBSD FreeBSD 4.9 -PRERELEASE

- Related references

 

 
