Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2003-009.NASLHistoryJul 31, 2004 - 12:00 a.m.
Mandrake Linux Security Advisory : cvs (MDKSA-2003:009)
2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
19
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.296 Low
EPSS
Percentile
96.9%
Two vulnerabilities were discoverd by Stefen Esser in the cvs program.
The first is an exploitable double free() bug within the server, which can be used to execute arbitrary code on the CVS server. To accomplish this, the attacker must have an anonymous read-only login to the CVS server. The second vulnerability is with the Checkin-prog and Update-prog commands. If a client has write permission, he can use these commands to execute programs outside of the scope of CVS, the output of which will be sent as output to the client.
This update fixes the double free() vulnerability and removes the Checkin-prog and Update-prog commands from CVS.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:009.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(13994);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2003-0015");
script_xref(name:"MDKSA", value:"2003:009");
script_name(english:"Mandrake Linux Security Advisory : cvs (MDKSA-2003:009)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandrake Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Two vulnerabilities were discoverd by Stefen Esser in the cvs program.
The first is an exploitable double free() bug within the server, which
can be used to execute arbitrary code on the CVS server. To accomplish
this, the attacker must have an anonymous read-only login to the CVS
server. The second vulnerability is with the Checkin-prog and
Update-prog commands. If a client has write permission, he can use
these commands to execute programs outside of the scope of CVS, the
output of which will be sent as output to the client.
This update fixes the double free() vulnerability and removes the
Checkin-prog and Update-prog commands from CVS."
);
script_set_attribute(
attribute:"see_also",
value:"http://security.e-matters.de/advisories/012003.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected cvs package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cvs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
script_set_attribute(attribute:"patch_publication_date", value:"2003/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"cvs-1.11.4-2.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"cvs-1.11.4-2.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"cvs-1.11.4-2.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"cvs-1.11.4-2.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"cvs-1.11.4-2.2mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | cvs | p-cpe:/a:mandriva:linux:cvs |
| mandrakesoft | mandrake_linux | 7.2 | cpe:/o:mandrakesoft:mandrake_linux:7.2 |
| mandrakesoft | mandrake_linux | 8.0 | cpe:/o:mandrakesoft:mandrake_linux:8.0 |
| mandrakesoft | mandrake_linux | 8.1 | cpe:/o:mandrakesoft:mandrake_linux:8.1 |
| mandrakesoft | mandrake_linux | 8.2 | cpe:/o:mandrakesoft:mandrake_linux:8.2 |
| mandrakesoft | mandrake_linux | 9.0 | cpe:/o:mandrakesoft:mandrake_linux:9.0 |
Related
slackware
slackware
New CVS packages available
2003-01-21 14:26:20
osv
osv
cvs - doubly freed memory
2003-01-21 00:00:00
nessus
nessus
Debian DSA-233-1 : cvs - doubly freed memory
2004-09-29 00:00:00
SSA-18708 New CVS packages available
2005-07-13 00:00:00
RHEL 2.1 : cvs (RHSA-2003:013)
2004-07-06 00:00:00
cert
cert
Concurrent Versions System (CVS) server improperly deallocates memory
2003-01-21 00:00:00
openvas
openvas
Debian Security Advisory DSA 233-1 (cvs)
2008-01-17 00:00:00
Debian Security Advisory DSA 233-1 (cvs)
2008-01-17 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_PSERVERD
2003-02-07 05:00:00
cve
cve
CVE-2003-0015
2004-09-01 04:00:00
nvd
nvd
CVE-2003-0015
2003-02-07 05:00:00
securityvulns
securityvulns
Advisory 01/2003: CVS remote vulnerability
2003-01-23 00:00:00
CERT Advisory CA-2003-02 Double-Free Bug in CVS Server
2003-01-23 00:00:00
redhat
redhat
(RHSA-2003:013) cvs security update
2003-02-06 00:00:00
ubuntucve
ubuntucve
CVE-2003-0015
2003-02-07 00:00:00
cvelist
cvelist
CVE-2003-0015
2004-09-01 04:00:00
debiancve
debiancve
CVE-2003-0015
2004-09-01 04:00:00
debian
debian
[SECURITY] [DSA 233-1] New cvs packages fix arbitrary code execution
2003-01-21 14:05:10
[SECURITY] [DSA 233-1] New cvs packages fix arbitrary code execution
2003-01-21 14:05:10
suse
suse
remote system compromise in cvs
2003-01-22 16:52:12
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.296 Low
EPSS
Percentile
96.9%
Related for MANDRAKE_MDKSA-2003-009.NASL