Vulnerability Name: CVE-2004-0180 (CCN-15864)
Assigned: 2004-04-14
Published: 2004-04-14
Updated: 2018-05-03
Summary: The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: FREEBSD Type: Patch, Vendor Advisory FreeBSD-SA-04:07
Source: CONFIRM Type: UNKNOWN ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
Source: SGI Type: UNKNOWN 20040404-01-U
Source: MITRE Type: CNA CVE-2004-0180
Source: FEDORA Type: UNKNOWN FEDORA-2004-1620
Source: CCN Type: RHSA-2004-153 cvs security update
Source: CCN Type: RHSA-2004-154 Updated CVS packages fix security issue
Source: CCN Type: SA11368 CVS Path Validation Vulnerabilities
Source: SECUNIA Type: UNKNOWN 11368
Source: SECUNIA Type: UNKNOWN 11371
Source: SECUNIA Type: UNKNOWN 11374
Source: SECUNIA Type: UNKNOWN 11375
Source: SECUNIA Type: UNKNOWN 11377
Source: SECUNIA Type: UNKNOWN 11380
Source: SECUNIA Type: UNKNOWN 11391
Source: SECUNIA Type: UNKNOWN 11400
Source: SECUNIA Type: UNKNOWN 11405
Source: SECUNIA Type: UNKNOWN 11548
Source: GENTOO Type: UNKNOWN GLSA-200404-13
Source: DEBIAN Type: Patch, Vendor Advisory DSA-486
Source: DEBIAN Type: DSA-486 cvs -- several vulnerabilities
Source: CCN Type: GLSA-200404-13 CVS Server and Client Vulnerabilities
Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-04:07.cvs CVS path validation errors
Source: MANDRAKE Type: UNKNOWN MDKSA-2004:028
Source: CCN Type: OpenBSD 3.4 errata Web site 017: SECURITY FIX: May 5, 2004
Source: CCN Type: OpenPKG-SA-2004.013 CVS
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:153
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:154
Source: CCN Type: BID-10138 CVS Client RCS Diff File Corruption Vulnerability
Source: SLACKWARE Type: UNKNOWN SSA:2004-108-02
Source: CCN Type: slackware-security Mailing List, Sun, 18 Apr 2004 16:40:41 -0700 (PDT) cvs security update (SSA:2004-108-02)
Source: CCN Type: TLSA-2004-15 Two issues have been discovered in cvs
Source: XF Type: UNKNOWN cvs-rcs-create-files(15864)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1042
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9462
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Denotes that component is vulnerable