CVE-2004-0180

Current Description

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.

Referenced by CVEs: CVE-2004-0405

Basic Data

Published: June 01, 2004
Last Modified: May 03, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 2.6
Severity: LOW
Exploitability Score: 4.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version: 2.3
    Part: Application
    Vendor: Cvs
    Product: Cvs
    Version, Update, Edition, Language, SW Edition, Target SW, Target HW, Other: *
    Version End Including: 1.10

Vulnerable Software List

Vendor: Cvs
Product: Cvs
Versions: *

References

| Name | Source | URL | Tags |
|---|---|---|---|
| FreeBSD-SA-04:07 | FREEBSD | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc | PATCH Vendor Advisory |
| ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch | CONFIRM | ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch | |
| 20040404-01-U | SGI | ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | |
| FEDORA-2004-1620 | FEDORA | http://marc.info/?l=bugtraq&m=108636445031613&w=2 | |
| 11368 | SECUNIA | http://secunia.com/advisories/11368 | |
| 11371 | SECUNIA | http://secunia.com/advisories/11371 | |
| 11374 | SECUNIA | http://secunia.com/advisories/11374 | |
| 11375 | SECUNIA | http://secunia.com/advisories/11375 | |
| 11377 | SECUNIA | http://secunia.com/advisories/11377 | |
| 11380 | SECUNIA | http://secunia.com/advisories/11380 | |
| 11391 | SECUNIA | http://secunia.com/advisories/11391 | |
| 11400 | SECUNIA | http://secunia.com/advisories/11400 | |
| 11405 | SECUNIA | http://secunia.com/advisories/11405 | |
| 11548 | SECUNIA | http://secunia.com/advisories/11548 | |
| GLSA-200404-13 | GENTOO | http://security.gentoo.org/glsa/glsa-200404-13.xml | |
| DSA-486 | DEBIAN | http://www.debian.org/security/2004/dsa-486 | PATCH Vendor Advisory |
| MDKSA-2004:028 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2004:028 | |
| RHSA-2004:153 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-153.html | PATCH Vendor Advisory |
| RHSA-2004:154 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-154.html | PATCH Vendor Advisory |
| SSA:2004-108-02 | SLACKWARE | http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 | |
| cvs-rcs-create-files(15864) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/15864 | |
| oval:org.mitre.oval:def:1042 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042 | |
| oval:org.mitre.oval:def:9462 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462 | |