CVSWeb不安全perl “open”漏洞-一一网

漏洞信息详情

CVSWeb不安全perl “open”漏洞

CNNVD编号：CNNVD-200007-033

危害等级：高危
CVE编号：
CVE-2000-0670
漏洞类型：

输入验证
发布时间：

2000-07-12
威胁类型：

本地
更新时间：

2005-05-02
厂商：

cvsweb_developer
漏洞来源：
Posted to BugTraq …

漏洞简介

CVSWeb 1.80版本中cvsweb CGI脚本存在漏洞。带有到CVS储存器的写访问的远程攻击者借助shell元字符来执行任意命令。

漏洞公告

Upgrade to at least version 1.86 available from
http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/
Debian:
Fixed in: Debian 2.1 (slink):
Source:
http://security.debian.org/dists/slink/updates/source/cvsweb_109.dsc
http://security.debian.org/dists/slink/updates/source/cvsweb_109.tar.gz
Architecture-independent binary:
http://security.debian.org/dists/slink/updates/binary-all/cvsweb_109_all.deb
Debian 2.2 (potato):
Source:
http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79-3potato1.diff.gz
http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79-3potato1.dsc
http://http.us.debian.org/debian/dists/potato/main/source/devel/cvsweb_1.79.orig.tar.gz
Architecture-independent binary:
http://http.us.debian.org/debian/dists/potato/main/binary-all/devel/cvsweb_1.79-3potato1.deb
CVSWeb Developer CVSWeb 1.80

TurboLinux cvsweb-1.93-1.noarch.rpmMD5 checksum: a9983e6d1fa2fae00f136a0b9c1708a2GPG Key for signature verification:
http://www.turbolinux.com/security/tlgpgkey.ascTo verify a package: rpm –checksig name_of_rpmTo verify MD5 checksum: rpm –checksig –nogpg name_of_rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/cvsweb-1.93-1.noarch
.rpm