GEN:SID 1:2318
Message MISC CVS non-relative path access attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the Concurrent Versions System (CVS).
Impact Serious. Manipulation of the host file system is possible.
Detailed Information Concurrent Versions System (CVS) is used to track the history of source
code files when developing software.

Some versions of CVS contain a vulnerability that may allow an attacker
to create directories or files in the host filesystem external to the
cvsroot. This is achieved via a malformed module request.
Affected Systems CVS versions prior to 1.11.10
Attack Scenarios An attacker may send a specially crafted request to a cvs server and
create files and directories of their choosing in the hosts root
filesystem. The attacker may then access these files at will to further
compromise the system.
Ease of Attack Simple. No exploit software is required.
Corrective Action Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
Rule References bugtraq: 9178
cve: 2003-0977