CVE-2005-2693
CVSS4.6
发布时间 :2005-08-26 11:50:00
修订时间 :2011-03-07 21:24:53
NMCOPS    

[原文]cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.


[CNNVD]CVS Cvsbug.In Script 不安全临时文件创建漏洞 (CNNVD-200508-290)

        CVS 1.12.12及其早前版本中的cvsbug以不安全的方式创建临时文件。这使得本地用户可以借助于符号链接攻击重写任意文件并可执行任意代码。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10835cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbi...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2693
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2693
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-290
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366
(PATCH)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366
http://www.vupen.com/english/advisories/2005/1667
(UNKNOWN)  VUPEN  ADV-2005-1667
http://www.redhat.com/support/errata/RHSA-2005-756.html
(UNKNOWN)  REDHAT  RHSA-2005:756
http://www.debian.org/security/2005/dsa-806
(UNKNOWN)  DEBIAN  DSA-806
http://www.debian.org/security/2005/dsa-802
(UNKNOWN)  DEBIAN  DSA-802
http://securitytracker.com/id?1014857
(UNKNOWN)  SECTRACK  1014857
http://secunia.com/advisories/16765
(UNKNOWN)  SECUNIA  16765
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-05:20

- 漏洞信息

CVS Cvsbug.In Script 不安全临时文件创建漏洞
中危 设计错误
2005-08-26 00:00:00 2005-10-20 00:00:00
本地  
        CVS 1.12.12及其早前版本中的cvsbug以不安全的方式创建临时文件。这使得本地用户可以借助于符号链接攻击重写任意文件并可执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        RedHat Fedora cvs-1.11.17-7.FC3.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora cvs-1.11.17-7.FC3.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora cvs-debuginfo-1.11.17-7.FC3.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora cvs-debuginfo-1.11.17-7.FC3.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        CVS CVS 1.11.19
        RedHat Fedora cvs-1.11.19-9.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat Fedora cvs-1.11.19-9.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat Fedora cvs-1.11.19-9.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat Fedora cvs-debuginfo-1.11.19-9.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat Fedora cvs-debuginfo-1.11.19-9.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat Fedora cvs-debuginfo-1.11.19-9.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        SGI ProPack 3.0 SP6
        SGI Patch 10212
        http://support.sgi.com/
        FreeBSD FreeBSD 4.11 -RELEASE-p3
        FreeBSD cvsbug.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch
        FreeBSD cvsbug.patch.asc
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch.asc
        FreeBSD FreeBSD 5.3
        FreeBSD cvsbug.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch
        FreeBSD cvsbug.patch.asc
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch.asc
        FreeBSD cvsbug53.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug53.patch
        FreeBSD cvsbug53.patch.asc
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug53.patch.asc
        FreeBSD FreeBSD 5.4 -RELENG
        FreeBSD cvsbug.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch
        FreeBSD cvsbug.patch.asc
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch.asc

- 漏洞信息 (F39962)

Debian Linux Security Advisory 806-1 (PacketStormID:F39962)
2005-09-10 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2005-2693
[点击下载]

Debian Security Advisory DSA 806-1 - Marcus Meissner discovered that the cvsbug program from gcvs, the Graphical frontend for CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 806-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 9th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cvs
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2693
Debian Bug     : 325106

Marcus Meissner discovered that the cvsbug program from gcvs, the
Graphical frontend for CVS, which serves the popular Concurrent
Versions System, uses temporary files in an insecure fashion.

For the old stable distribution (woody) this problem has been fixed in
version 1.0a7-2woody1.

For the stable distribution (sarge) this problem has been fixed in
version 1.0final-5sarge1.

The unstable distribution (sid) does not expose the cvsbug program.

We recommend that you upgrade your gcvs package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1.dsc
      Size/MD5 checksum:      628 93e38babe549bc79940ac8991634e32c
    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1.diff.gz
      Size/MD5 checksum:     7612 0bce83a419ba306aaf090862df3791d6
    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7.orig.tar.gz
      Size/MD5 checksum:  2797760 2ed03fff82873cd6977e6d2c8ed05edf

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_alpha.deb
      Size/MD5 checksum:   832560 00d36729832af586a7725cd6d32bc983

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_arm.deb
      Size/MD5 checksum:   695554 6d48d83db3dff017c55b0d2915306ec6

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_i386.deb
      Size/MD5 checksum:   631888 384ef02f66532c442e07e035478d8f97

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_ia64.deb
      Size/MD5 checksum:   976470 e26faee0bd9ee30c4303f2e2552deb4e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_hppa.deb
      Size/MD5 checksum:   772712 4325cc2a2badbf897a4020d1c5296018

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_m68k.deb
      Size/MD5 checksum:   592548 e4f53f367fd009417daa67c2d0afac71

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_mips.deb
      Size/MD5 checksum:   682472 ce2c1d93e594ca1e63209393a530c342

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_mipsel.deb
      Size/MD5 checksum:   678474 9762a5b13bfc423d5745513dc9098f30

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_powerpc.deb
      Size/MD5 checksum:   661860 edfbf9bc308628871214a27fb295efa6

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_s390.deb
      Size/MD5 checksum:   615084 ff07681a9c4ce0de0a9482c62a58431a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_sparc.deb
      Size/MD5 checksum:   641084 f97f01d9e1a5eef0df8a97c4cf33081a


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1.dsc
      Size/MD5 checksum:      671 6a7ee2cd172ecd0bd49c93bc7a6eab39
    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1.diff.gz
      Size/MD5 checksum:    10583 1b65f0c6d7340daa0fa6f864b7688bd7
    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final.orig.tar.gz
      Size/MD5 checksum:  2936168 642c8333853aeb87e8137bb26314ec9b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_alpha.deb
      Size/MD5 checksum:   894796 dd0b21f7a7c615ca7217e303413b752b

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_amd64.deb
      Size/MD5 checksum:   755830 d465f2b2461e1f93ca9c4713673e02ab

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_arm.deb
      Size/MD5 checksum:   737330 5f474accbeb9f007510953568d9d6519

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_i386.deb
      Size/MD5 checksum:   727660 e2a2fe10efe306b54258fdf11b72f275

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_ia64.deb
      Size/MD5 checksum:  1009742 44d4aa5ffebe0c0eae6e95d8dd0c5b18

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_hppa.deb
      Size/MD5 checksum:   839696 9d4aa1b1f2c8a4522d1d78d9d0f0805f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_m68k.deb
      Size/MD5 checksum:   672134 bb2766fc4c3b900ad16d3078b2bee65a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_mips.deb
      Size/MD5 checksum:   766652 453825934884822b1759248b79ade37c

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_mipsel.deb
      Size/MD5 checksum:   763974 f5eb8a466878ba0f9cbcbb224dfb4987

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_powerpc.deb
      Size/MD5 checksum:   766934 5c0a613c4f566e25301de9bf8230ec27

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_s390.deb
      Size/MD5 checksum:   716516 55486bd1f94c9fb32a45284741350bb6

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_sparc.deb
      Size/MD5 checksum:   713512 58dd154e86ef3eb6c86e7be1d5ca7c8b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDIRzDW5ql+IAeqTIRAkHHAJ4sxzXEPwgKHjGJLz79RY25x1fh1QCeIMjR
W8lJffH6ZrQMHTdDlVpuAFQ=
=LT9L
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F39904)

FreeBSD-SA-05-20.cvsbug.txt (PacketStormID:F39904)
2005-09-08 00:00:00
 
freebsd
CVE-2005-2693
[点击下载]

FreeBSD Security Advisory FreeBSD-SA-05-20.cvsbug - A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-05:20.cvsbug                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Race condition in cvsbug

Category:       contrib
Module:         contrib_cvs
Announced:      2005-09-07
Credits:        Marcus Meissner
Affects:        All FreeBSD releases
Corrected:      2005-09-07 13:43:05 UTC (RELENG_6, 6.0-BETA5)
                2005-09-07 13:43:23 UTC (RELENG_5, 5.4-STABLE)
                2005-09-07 13:43:36 UTC (RELENG_5_4, 5.4-RELEASE-p7)
                2005-09-07 13:43:50 UTC (RELENG_5_3, 5.3-RELEASE-p21)
                2005-09-07 13:44:06 UTC (RELENG_4, 4.11-STABLE)
                2005-09-07 13:44:20 UTC (RELENG_4_11, 4.11-RELEASE-p12)
                2005-09-07 13:44:36 UTC (RELENG_4_10, 4.10-RELEASE-p17)
CVE Name:       CAN-2005-2693

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

I.   Background

cvsbug(1) is a utility for reporting problems in the CVS revision
control system.  It is based on the GNATS send-pr(1) utility.

II.  Problem Description

A temporary file is created, used, deleted, and then re-created with
the same name.  This creates a window during which an attacker could
replace the file with a link to another file.

While cvsbug(1) is based on the send-pr(1) utility, this problem does
not exist in the version of send-pr(1) distributed with FreeBSD.

III. Impact

A local attacker could cause data to be written to any file to which
the user running cvsbug(1) has write access.  This may cause damage in
itself (e.g., by destroying important system files or documents) or may
be used to obtain elevated privileges.

IV.  Workaround

Do not use the cvsbug(1) utility on any system with untrusted users.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
dated after the correction date.

2) To patch your present system:

The following patch has been verified to apply to FreeBSD 4.10, 4.11,
5.3, and 5.4 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/cvs/cvsbug
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/cvs/src/cvsbug.in                               1.1.1.1.2.4
RELENG_4_11
  src/UPDATING                                             1.73.2.91.2.13
  src/sys/conf/newvers.sh                                  1.44.2.39.2.16
  src/contrib/cvs/src/cvsbug.in                           1.1.1.1.2.3.2.1
RELENG_4_10
  src/UPDATING                                             1.73.2.90.2.18
  src/sys/conf/newvers.sh                                  1.44.2.34.2.19
  src/contrib/cvs/src/cvsbug.in                           1.1.1.1.2.2.6.1
RELENG_5
  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.2.1
RELENG_5_4
  src/UPDATING                                            1.342.2.24.2.16
  src/sys/conf/newvers.sh                                  1.62.2.18.2.12
  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.6.1
RELENG_5_3
  src/UPDATING                                            1.342.2.13.2.24
  src/sys/conf/newvers.sh                                  1.62.2.15.2.26
  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.4.1
RELENG_6
  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.8.1
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2693

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFDHu/6FdaIBMps37IRAhxYAJ49MNDG679kpBjO2EXAWpoWez97KQCfS1fp
6Rte2l8JoEPFfgene8dVWy0=
=d52A
-----END PGP SIGNATURE-----
    

- 漏洞信息

18949
CVS cvsbug Insecure Temporary File Privilege Escalation

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-08-19 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

CVS Cvsbug.In Script Insecure Temporary File Creation Vulnerability
Design Error 14648
No Yes
2005-08-19 12:00:00 2009-07-12 05:06:00
Discovery is credited to Josh Bressers.

- 受影响的程序版本

Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0 SP6
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
NetBSD NetBSD 2.0.2
NetBSD NetBSD 2.0.1
NetBSD NetBSD 2.0
NetBSD NetBSD 1.6.2
NetBSD NetBSD 1.6.1
NetBSD NetBSD 1.6 beta
NetBSD NetBSD 1.6
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5 x86
NetBSD NetBSD 1.5 sh3
NetBSD NetBSD 1.5
NetBSD NetBSD 1.4.3
NetBSD NetBSD 1.4.2 x86
NetBSD NetBSD 1.4.2 SPARC
NetBSD NetBSD 1.4.2 arm32
NetBSD NetBSD 1.4.2 Alpha
NetBSD NetBSD 1.4.2
NetBSD NetBSD 1.4.1 x86
NetBSD NetBSD 1.4.1 SPARC
NetBSD NetBSD 1.4.1 sh3
NetBSD NetBSD 1.4.1 arm32
NetBSD NetBSD 1.4.1 Alpha
NetBSD NetBSD 1.4.1
NetBSD NetBSD 1.4 x86
NetBSD NetBSD 1.4 SPARC
NetBSD NetBSD 1.4 arm32
NetBSD NetBSD 1.4 Alpha
NetBSD NetBSD 1.4
NetBSD NetBSD 1.3.3
NetBSD NetBSD 1.3.2
NetBSD NetBSD 1.3.1
NetBSD NetBSD 1.3
NetBSD NetBSD 1.2.1
NetBSD NetBSD 1.2
NetBSD NetBSD 1.1
NetBSD NetBSD 1.0
gcvs gcvs 1.0 final
gcvs gcvs 1.0 a7
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5.1 -STABLEpre2001-07-20
FreeBSD FreeBSD 3.5.1 -STABLE
FreeBSD FreeBSD 3.5.1 -RELEASE
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 3.5 x
FreeBSD FreeBSD 3.5 -STABLEpre122300
FreeBSD FreeBSD 3.5 -STABLEpre050201
FreeBSD FreeBSD 3.5 -STABLE
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.4 x
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.3 x
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.2 x
FreeBSD FreeBSD 3.2
FreeBSD FreeBSD 3.1 x
FreeBSD FreeBSD 3.1
FreeBSD FreeBSD 3.0 -RELENG
FreeBSD FreeBSD 3.0
FreeBSD FreeBSD 2.2.8
FreeBSD FreeBSD 2.2.6
FreeBSD FreeBSD 2.2.5
FreeBSD FreeBSD 2.2.4
FreeBSD FreeBSD 2.2.3
FreeBSD FreeBSD 2.2.2
FreeBSD FreeBSD 2.2 x
FreeBSD FreeBSD 2.2
FreeBSD FreeBSD 2.1.7 .1
FreeBSD FreeBSD 2.1.6 .1
FreeBSD FreeBSD 2.1.6
FreeBSD FreeBSD 2.1.5
FreeBSD FreeBSD 2.1 x
FreeBSD FreeBSD 2.1
FreeBSD FreeBSD 2.0.5
FreeBSD FreeBSD 2.0
FreeBSD FreeBSD 1.1.5 .1
FreeBSD FreeBSD 4.10-PRERELEASE
FreeBSD FreeBSD 3.x
FreeBSD FreeBSD 2.x
FreeBSD FreeBSD -current
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
CVS CVS 1.12.12
CVS CVS 1.12.11
CVS CVS 1.12.10
CVS CVS 1.12.9
CVS CVS 1.12.8
CVS CVS 1.12.7
CVS CVS 1.12.5
+ OpenPKG OpenPKG 2.0
CVS CVS 1.12.2
CVS CVS 1.12.1
+ OpenPKG OpenPKG 1.3
CVS CVS 1.11.19
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Red Hat Fedora Core4
CVS CVS 1.11.17
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Red Hat Fedora Core3
CVS CVS 1.11.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
NetBSD NetBSD 2.0.3

- 不受影响的程序版本

NetBSD NetBSD 2.0.3

- 漏洞讨论

CVS creates temporary files in an insecure manner.

The vulnerability is due to the program creating temporary files with a predictable name in the '/tmp' directory.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

- 漏洞利用

There is no exploit required.

- 解决方案

Fedora advisories FEDORA-2005-790 and FEDORA-2005-791 are available for Fedora Core 3 and Fedora Core 4 to address this issue. Please see the referenced advisories for more information.

Trustix Secure Linux has released security advisory TSLSA-2005-0045 addressing this and other issues. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Red Hat advisory RHSA-2005:756-3 is available to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 802-1 to address this issue. Please see the referenced advisory for more information.

FreeBSD has released security advisory FreeBSD-SA-05:20 addressing this issue. Please see the referenced advisory for further information.

SGI has released Security Update #46 to address this and other issues for SGI Propack 3 Service Pack 6. Please see the referenced advisory for further information.

Debian has released advisory DSA 806-1 to address this issue. Please see the referenced advisory for more information.

FreeBSD has released an updated version of their advisory FreeBSD-SA-05:20 containing additional patches. Please see the referenced advisory for further information.

NetBSD has released version 2.0.3 of the NetBSD operating system to address this, and other issues. Please see the referenced release announcement for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


CVS CVS 1.11.17

CVS CVS 1.11.19

SGI ProPack 3.0 SP6

FreeBSD FreeBSD 4.11 -RELEASE-p3

FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.4 -RELENG

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站