FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVS path validation errors

Affected packages
cvs+ipv6 <= 1.11.5_1
5.2 <= FreeBSD < 5.2.1_5
4.9 <= FreeBSD < 4.9_5
4.8 <= FreeBSD < 4.8_18

Details

VuXML ID 0792e7a7-8e37-11d8-90d1-0020ed76ef5a
Discovery 2004-04-14
Entry 2004-04-14
Modified 2004-05-05

Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which files to update. In another case, the CVS server accepts relative path names from the client when determining which files to transmit, including those containing references to parent directories (`../').

These programming errors generally only have a security impact when dealing with remote CVS repositories.

A malicious CVS server may cause a CVS client to overwrite arbitrary files on the client's system.

A CVS client may request RCS files from a remote system other than those in the repository specified by $CVSROOT. These RCS files need not be part of any CVS repository themselves.

References

CVE Name CVE-2004-0180
CVE Name CVE-2004-0405
FreeBSD Advisory SA-04:07.cvs
URL http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102