Mandrake Linux Security Advisory : cvs (MDKSA-2004:108)

2004-10-20T00:00:00
ID MANDRAKE_MDKSA-2004-108.NASL
Type nessus
Reporter Tenable
Modified 2018-07-19T00:00:00

Description

iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an undocumented switch implemented in CVS' history command. The -X switch specifies the name of the history file which allows an attacker to determine whether arbitrary system files and directories exist and whether or not the CVS process has access to them.

This flaw has been fixed in CVS version 1.1.17.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2004:108. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(15522);
  script_version ("1.17");
  script_cvs_date("Date: 2018/07/19 20:59:13");

  script_cve_id("CVE-2004-0778");
  script_xref(name:"MDKSA", value:"2004:108");

  script_name(english:"Mandrake Linux Security Advisory : cvs (MDKSA-2004:108)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an
undocumented switch implemented in CVS' history command. The -X switch
specifies the name of the history file which allows an attacker to
determine whether arbitrary system files and directories exist and
whether or not the CVS process has access to them.

This flaw has been fixed in CVS version 1.1.17."
  );
  # http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4b00c0a7"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cvs package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cvs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.0", reference:"cvs-1.11.17-1.1.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.2", reference:"cvs-1.11.17-1.1.92mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");