US-CERT Vulnerability Notes Database

Vulnerability Note VU#579225

CVS "history" command may disclose sensitive information

Overview

A vulnerability exists in the history command of Concurrent Versions System (CVS). If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user.

I. Description

Concurrent Versions System (CVS) is a source code maintenance system that is widely used by open-source software development projects. It provides a history command that displays reports on CVS commands that have been executed on files or directories in the source repository. The history command supports a -X command line switch, which is designed to allow a user to specify the name of the history file to be used. This command line switch contains an information disclosure vulnerability. When a directory or filename is passed to the -X command line switch, the error message that is returned could allow an attacker to determine the existence and accessibility of arbitrary files or directories on an affected system.

II. Impact

A remote, authenticated CVS user could determine if arbitrary files or directories exist on an affected system and whether the CVS daemon has privileges to access them.

III. Solution

Apply a patch or upgrade

Apply the appropriate patch or upgrade as specified by your vendor. This issue has been resolved in Stable CVS Version 1.11.17 and CVS Feature Version 1.12.9.
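
To check hosts against the fixed releases named above, the following added example (not part of the original note or of CVS) parses a `cvs --version` banner and reports whether it is at or past 1.11.17 on the stable branch or 1.12.9 on the feature branch. The function names and sample banners are constructed for illustration, and it assumes that releases newer than the 1.12 branch carry the fix.

```shell
#!/bin/sh
# Added example. Fixed releases are taken from this note:
# stable branch 1.11.17, feature branch 1.12.9.

# Pull the version number out of `cvs --version` text read from stdin.
cvs_extract_version() {
    sed -n 's/.*(CVS) \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is at or past the fixed release on its branch,
# 1 if it predates the fix, 2 if $1 is not a dotted numeric version.
# Assumption: releases newer than the 1.12 branch carry the fix.
cvs_has_fix() {
    case $1 in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    if   [ "$minor" -gt 12 ]; then return 0
    elif [ "$minor" -eq 12 ]; then [ "$patch" -ge 9 ]
    elif [ "$minor" -eq 11 ]; then [ "$patch" -ge 17 ]
    else return 1
    fi
}

# Read `cvs --version` text on stdin and print a verdict.
# Exit status: 0 fixed, 1 upgrade needed, 2 version not recognised.
cvs_audit() {
    v=$(cvs_extract_version)
    if [ -z "$v" ]; then echo "unknown: no CVS version found"; return 2; fi
    if cvs_has_fix "$v"; then echo "ok: $v includes the fix"; return 0; fi
    echo "upgrade: $v predates the fixed release"; return 1
}

# Constructed sample banners, not captured from a real host.
for banner in \
    "Concurrent Versions System (CVS) 1.11.16 (client/server)" \
    "Concurrent Versions System (CVS) 1.12.9 (client/server)"
do
    printf '%s\n' "$banner" | cvs_audit || :
done
```

On a host with CVS installed, pipe the real banner in with `cvs --version | cvs_audit`.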

Disable the CVS server

Until patches are available and can be applied, consider disabling the CVS server.

Block or restrict access


Block or restrict access to the CVS server from untrusted hosts and networks. The CVS server typically listens on 2401/tcp, but it may use another port or protocol.

Limit the CVS server privileges

  • Configure the CVS server to run in a restricted (chroot) environment.
  • Run CVS servers with the minimum set of privileges required on the host file system.
  • Provide separate systems for development (write) and public/anonymous (read-only) CVS access.
  • Host public/anonymous CVS servers on single-purpose, secured systems.

Note that some of these workarounds will only limit the scope and impact of possible attacks.

Systems Affected

Vendor      Status        Date Notified    Date Updated
CVS Home    Vulnerable    18-Aug-2004

References


http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities
http://www.securitytracker.com/alerts/2004/Aug/1010958.html
http://secunia.com/advisories/12309/

Credit

This vulnerability was reported by iDefense.

This document was written by Damon Morda.

Other Information

Date Public: 2004-08-16
Date First Published: 2004-08-17
Date Last Updated: 2004-08-19
CERT Advisory:
CVE-ID(s): CAN-2004-0778
NVD-ID(s): CAN-2004-0778
US-CERT Technical Alerts:
Metric: 12.60
Document Revision: 25

Copyright 2004 Carnegie Mellon University