Vulnerability Note VU#579225
CVS "history" command may disclose sensitive information
A vulnerability exists in the history command of Concurrent Versions System (CVS). If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user.
Concurrent Versions System (CVS) is a source code maintenance system that is widely used by open-source software development projects. It provides a history command that displays reports on cvs commands that have been executed on files or directories in the source repository. The history command supports a -X command line switch, which is designed to allow a user to specify the name of the history file to be used. This command line switch contains an information disclosure vulnerability. When specifying a directory or filename to the -X command line switch, the error message that is returned could allow an attacker to determine the existence and accessibility of arbitrary files or directories on an affected system.
A remote, authenticated CVS user could determine if arbitrary files or directories exist on an affected system and whether the CVS daemon has privileges to access them.
Apply a patch or upgrade
Note that some of these workarounds will only limit the scope and impact of possible attacks.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|CVS Home||Affected||-||18 Aug 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by iDefense.
This document was written by Damon Morda.
- CVE IDs: CAN-2004-0778
- Date Public: 16 Aug 2004
- Date First Published: 17 Aug 2004
- Date Last Updated: 19 Aug 2004
- Severity Metric: 12.60
- Document Revision: 25
If you have feedback, comments, or additional information about this vulnerability, please send us email.