A vulnerability exists in the history command of Concurrent Versions System (CVS). If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user.
Concurrent Versions System (CVS) is a source code maintenance system that is widely used by open-source software development projects. It provides a history command that displays reports on cvs commands that have been executed on files or directories in the source repository. The history command supports a -X command line switch, which is designed to allow a user to specify the name of the history file to be used. This command line switch contains an information disclosure vulnerability. When specifying a directory or filename to the -X command line switch, the error message that is returned could allow an attacker to determine the existence and accessibility of arbitrary files or directories on an affected system.
A remote, authenticated CVS user could determine if arbitrary files or directories exist on an affected system and whether the CVS daemon has privileges to access them.
Apply a patch or upgrade
Note that some of these workarounds will only limit the scope and impact of possible attacks.
This vulnerability was reported by iDefense.
|Date First Published:||2004-08-17|
|Date Last Updated:||2004-08-19 19:53 UTC|