CERTA-2005-AVI-167

Vulnerability from certfr_avis - Published: 2005-05-17 - Updated: 2005-07-11


Description

CVS ("Concurrent Versions System") is a client/server system used to manage versions of files, mainly text files.

Four vulnerabilities discovered in the CVS application allow a malicious remote user to execute arbitrary code or cause a denial of service.

Solution

Refer to the vendors' security bulletins to obtain the patches (see the Documentation section).

The CVS 1.11.20 update is available at the following address:

http://ccvs.home.org/servlets/ProjectsDocumentList

Concurrent Versions System (CVS) 1.x.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eConcurrent Versions System (CVS) 1.x.\u003c/P\u003e",
  "content": "## Description\n\nCVS (\\`\\`Concurrent Versions System\u0027\u0027) est un syst\u00e8me client/serveur\nutilis\u00e9 pour la gestion des versions de fichiers essentiellement\ntextuels.\n\nQuatres vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans l\u0027application CVS permettent \u00e0\nun utilisateur distant mal intentionnn\u00e9 d\u0027ex\u00e9cuter du code arbitraire ou\nd\u0027effectuer un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLa mise \u00e0 jour CVS 1.11.20 est disponible \u00e0 l\u0027adresse suivante :\n\n    http://ccvs.home.org/servlets/ProjectsDocumentList\n",
  "cves": [],
  "initial_release_date": "2005-05-17T00:00:00",
  "last_revision_date": "2005-07-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD FreeBSD-SA-05:05.cvs du 22    avril 2005 :",
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc"
    },
    {
      "title": "Bullletin de s\u00e9curit\u00e9 RedHat RHSA-2005:387 du 25 avril 2005    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2005-387.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-742 du 07 juillet 2005 :",
      "url": "http://www.debian.org/security/2005/dsa-742"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD #016 du 28 avril 2005 :",
      "url": "http://www.openbsd.org/errata.html#cvs"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2005:024 du 18 avril 2005    :",
      "url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 pour Fedora Core 3 pour CVS :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 pour Fedora Core 2 pour CVS :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2005:073 du 20 avril    2005 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA2005:073"
    },
    {
      "title": "Site Internet de l\u0027\u00e9diteur :",
      "url": "http://www.cvshome.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200504-16/CVS du 22 avril    2005 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
    }
  ],
  "reference": "CERTA-2005-AVI-167",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-05-17T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SUSE et Debian.",
      "revision_date": "2005-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans CVS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005-387",
      "url": null
    }
  ]
}

