CVE-2003-0977

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1	Patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
http://marc.info/?l=bugtraq&m=107168035515554&w=2
http://marc.info/?l=bugtraq&m=107540163908129&w=2
http://secunia.com/advisories/10601
http://www.debian.org/security/2004/dsa-422	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cvs:cvs:1.10.7:::::::*
	cpe:2.3:a:cvs:cvs:1.10.8:::::::*
	cpe:2.3:a:cvs:cvs:1.11:::::::*
	cpe:2.3:a:cvs:cvs:1.11.1:::::::*
	cpe:2.3:a:cvs:cvs:1.11.1_p1:::::::*
	cpe:2.3:a:cvs:cvs:1.11.2:::::::*
	cpe:2.3:a:cvs:cvs:1.11.3:::::::*
	cpe:2.3:a:cvs:cvs:1.11.4:::::::*
	cpe:2.3:a:cvs:cvs:1.11.5:::::::*
	cpe:2.3:a:cvs:cvs:1.11.6:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:slackware:slackware_linux:8.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.1:::::::*

History

No history.

Information

Published : 2004-01-05 05:00

Updated : 2017-10-11 01:29

NVD link : CVE-2003-0977

Mitre link : CVE-2003-0977

CVE.ORG link : CVE-2003-0977

JSON object : View

Products Affected

slackware

slackware_linux

cvs

cvs

CWE

NVD-CWE-Other

{"id": "CVE-2003-0977", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-01-05T05:00:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc", "source": "cve@mitre.org"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "source": "cve@mitre.org"}, {"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107168035515554&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107540163908129&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/10601", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-422", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-003.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-004.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests."}, {"lang": "es", "value": "Vulnerabilidad desconocida en servidores CVS anteriores a 1.11.10 puede permitir a atacantes causar que el servidor CVS cree directorios y ficheros en el directorio ra\u00edz del sistema de ficheros."}], "lastModified": "2017-10-11T01:29:16.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C"}, {"criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}