aru Posted April 14, 2004 Report Share Posted April 14, 2004 MandrakeSoft Security Advisory MDKSA-2004:028 : cvs April 14th, 2004 Updated cvs packages fix remotely exploitable vulnerability Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15 which has fixed the problem. The updated packages provide 1.11.14 with the pertinent fix for the problem. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Corporate Server 2.1 10.0 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:028 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0180 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts