GEN:SID | 1:2318 |
Message | MISC CVS non-relative path access attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Concurrent Versions System (CVS).
|
Impact | Serious. Manipulation of the host file system is possible.
|
Detailed Information | Concurrent Versions System (CVS) is used to track the history of source code files when developing software.
Some versions of CVS contain a vulnerability that may allow an attacker to create directories or files in the host filesystem external to the cvsroot. This is achieved via a malformed module request.
|
Affected Systems | CVS versions prior to 1.11.10
|
Attack Scenarios | An attacker may send a specially crafted request to a cvs server and create files and directories of their choosing in the hosts root filesystem. The attacker may then access these files at will to further compromise the system.
|
Ease of Attack | Simple. No exploit software is required.
|
Corrective Action | Apply the appropriate vendor supplied patches.
Upgrade to the latest non-affected version of the software.
|
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
|
Rule References | bugtraq: 9178
cve: 2003-0977
|