CVS client RCS diff client-side file overwrite vulnerability

Vulnerability details

CVS client RCS diff client-side file overwrite vulnerability

Summary

Concurrent Versions System (CVS) is an open-source version control system.
The CVS client does not adequately validate pathnames. A remote attacker who controls a CVS server, or the responses it sends, can exploit this to create arbitrary files on the client.
The problem is that during update or checkout operations the CVS server may supply absolute pathnames in RCS diffs; when the client applies them without checking, files can be created at arbitrary locations on the client system.
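As an added illustration (this is not CVS source code and not part of the original advisory), the following C function shows the kind of client-side check that closes this class of bug: a pathname received from the server is accepted only if it is relative and contains no ".." component, so the server cannot direct writes outside the working copy. The function names and the sample pathnames are constructed for the example; POSIX '/' separators are assumed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not CVS code: decide whether a pathname received from the
 * server may be used to create a file beneath the client's working
 * directory. Only relative paths without a ".." component are accepted. */
bool server_path_is_safe(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return false;                 /* nothing sensible to create */
    if (path[0] == '/')
        return false;                 /* absolute: would escape the working copy */

    /* Walk the '/'-separated components and refuse parent traversal. */
    const char *p = path;
    for (;;) {
        const char *sep = strchr(p, '/');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;             /* ".." component */
        if (sep == NULL)
            break;
        p = sep + 1;
    }
    return true;
}

/* Count how many of the given server-supplied pathnames would be refused. */
int count_rejected(const char *const *paths, int n)
{
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (!server_path_is_safe(paths[i]))
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed sample pathnames, as a client might receive them in an
     * update response; the absolute and traversing ones must be refused. */
    const char *const samples[] = {
        "src/main.c",
        "doc/README",
        "/etc/issue",
        "../../outside.txt",
    };
    int n = (int)(sizeof samples / sizeof samples[0]);
    for (int i = 0; i < n; i++)
        printf("%-24s %s\n", samples[i],
               server_path_is_safe(samples[i]) ? "accepted" : "REJECTED");
    printf("%d of %d rejected\n", count_rejected(samples, n), n);
    return 0;
}
```

The check is deliberately applied to the pathname as received, before any file is opened; a client that first joins the name to its working directory and only then inspects the result is easier to get wrong.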

Advisory

Vendor patches:
CVS

The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

CVS CVS 1.11:

CVS Upgrade cvs-1.11.15.tar.gz

http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=466

CVS Upgrade cvs-1.12.7.tar.gz

http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=468
Debian
——
Debian has released a security advisory (DSA-486-1) and corresponding patches:

DSA-486-1: New cvs packages fix multiple vulnerabilities

Link: http://www.debian.org/security/2002/dsa-486

Patch download:

Source archives:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.dsc

Size/MD5 checksum: 693 28b69f2fb8220898ca67c01315100f34

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.diff.gz

Size/MD5 checksum: 52099 91792f8108528075bcf13b065875b4db

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz

Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_alpha.deb

Size/MD5 checksum: 1178632 ad23bcdf83e3ce5253e0f1d7741600b8

ARM architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_arm.deb

Size/MD5 checksum: 1105142 143e7fd0c40a86cf34ec5a6b174fcd18

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_i386.deb

Size/MD5 checksum: 1094930 20f380681501e6a2da820404e0198d05

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_ia64.deb

Size/MD5 checksum: 1270908 c84aeccd424b890744f8aade97965b3f

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_hppa.deb

Size/MD5 checksum: 1147238 600d2778f0e8ab62f8194bc3fed09b23

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_m68k.deb

Size/MD5 checksum: 1065546 7199eddc8e0cb9e2e6a62e041d7257dd

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_mips.deb

Size/MD5 checksum: 1129628 c193b5312150906f08e5f0f9f262a053

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_mipsel.deb

Size/MD5 checksum: 1130946 d5e64bbf877d7875777b9a144e00f909

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_powerpc.deb

Size/MD5 checksum: 1116088 fca673b8d53f571a341502c569225609

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_s390.deb

Size/MD5 checksum: 1096904 7c22f2848da99ac592490ea23e71b8e3

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_sparc.deb

Size/MD5 checksum: 1107142 e2d10b43bcf8619e114365c389878936

Patch installation:

1. Install the patch package manually:

First, download the patch with the following command:

# wget url (url is the patch download link)

Then, install the patch with the following command:

# dpkg -i file.deb (file is the name of the corresponding patch)

2. Install the patch package automatically with apt-get:

First, update the package database with the following command:

# apt-get update

Then, install the updated packages with the following command:

# apt-get upgrade
FreeBSD
——-
http://www.debian.org/security/2004/dsa-486
RedHat
——
RedHat has released a security advisory (RHSA-2004:154-01) and corresponding patches:

RHSA-2004:154-01: Updated CVS packages fix security issue

Link: https://www.redhat.com/support/errata/RHSA-2004-154.html

Patch download:

SRPMS:

ftp://updates.redhat.com/9/en/os/SRPMS/cvs-1.11.2-17.src.rpm

i386:

ftp://updates.redhat.com/9/en/os/i386/cvs-1.11.2-17.i386.rpm

References

Source: REDHAT
Name: RHSA-2004:154
Link: http://www.redhat.com/support/errata/RHSA-2004-154.html

Source: REDHAT
Name: RHSA-2004:153
Link: http://www.redhat.com/support/errata/RHSA-2004-153.html

Source: DEBIAN
Name: DSA-486
Link: http://www.debian.org/security/2004/dsa-486

Source: FREEBSD
Name: FreeBSD-SA-04:07
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc

Source: OVAL
Name: oval:org.mitre.oval:def:9462
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9462

Source: SGI
Name: 20040404-01-U
Link: ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc

Source: ftp.openbsd.org
Link: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch

Source: XF
Name: cvs-rcs-create-files(15864)
Link: http://xforce.iss.net/xforce/xfdb/15864

Source: SLACKWARE
Name: SSA:2004-108-02
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181

Source: MANDRAKE
Name: MDKSA-2004:028
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:028

Source: GENTOO
Name: GLSA-200404-13
Link: http://security.gentoo.org/glsa/glsa-200404-13.xml

Source: SECUNIA
Name: 11548
Link: http://secunia.com/advisories/11548

Source: SECUNIA
Name: 11405
Link: http://secunia.com/advisories/11405

Source: SECUNIA
Name: 11400
Link: http://secunia.com/advisories/11400

Source: SECUNIA
Name: 11391
Link: http://secunia.com/advisories/11391

Source: SECUNIA
Name: 11380
Link: http://secunia.com/advisories/11380

Source: SECUNIA
Name: 11377
Link: http://secunia.com/advisories/11377

Source: SECUNIA
Name: 11375
Link: http://secunia.com/advisories/11375

Source: SECUNIA
Name: 11374
Link: http://secunia.com/advisories/11374

Source: SECUNIA
Name: 11371
Link: http://secunia.com/advisories/11371

Source: SECUNIA
Name: 11368
Link: http://secunia.com/advisories/11368

Source: FEDORA
Name: FEDORA-2004-1620
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108636445031613&w=2

Source: US Government Resource: oval:org.mitre.oval:def:1042
Name: oval:org.mitre.oval:def:1042
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1042

Affected entities
