CVS file existence information disclosure weakness

Remote CVS server allows malicious users to gain knowledge of system information

Reporter	Title	Published	Views	Family All 23
Tenable Nessus	CVS history.c File Existence Disclosure	18 Aug 200400:00	–	nessus
Tenable Nessus	CVS history.c File Existence Information Disclosure	20 Aug 200400:00	–	nessus
Tenable Nessus	Debian DSA-519-1 : cvs - several vulnerabilities	29 Sep 200400:00	–	nessus
Tenable Nessus	FreeBSD : cvs -- numerous vulnerabilities (29)	17 Aug 200400:00	–	nessus
Tenable Nessus	FreeBSD : cvs -- numerous vulnerabilities (d2102505-f03d-11d8-81b0-000347a4fa7d)	23 Apr 200900:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : cvs (MDKSA-2004:108)	20 Oct 200400:00	–	nessus
Tenable Nessus	RHEL 2.1 / 3 : cvs (RHSA-2004:233)	6 Jul 200400:00	–	nessus
CVE	CVE-2004-0778	18 Aug 200404:00	–	cve
Cvelist	CVE-2004-0778	18 Aug 200404:00	–	cvelist
Debian CVE	CVE-2004-0778	18 Aug 200404:00	–	debiancve

# OpenVAS Vulnerability Test
# $Id: cvs_file_existence_info_weak.nasl 8023 2017-12-07 08:36:26Z teissa $
# Description: CVS file existence information disclosure weakness
#
# Authors:
# David Maciejak <david dot maciejak at kyxar dot fr>
# based on work from (C) Tenable Network Security
#
# Copyright:
# Copyright (C) 2004 David Maciejak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "The remote CVS server, according to its version number,
can be exploited by malicious users to gain knowledge of 
certain system information.

This behaviour can be exploited to determine the existence 
and permissions of arbitrary files and directories on a 
vulnerable system.";

tag_solution = "Upgrade to CVS 1.11.17 and 1.12.9, or newer";

# Ref: Sebastian Krahmer

if(description)
{
 script_id(14313);
 script_version("$Revision: 8023 $");
 script_tag(name:"last_modification", value:"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $");
 script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
 script_bugtraq_id(10955);
 script_cve_id("CVE-2004-0778");
 script_tag(name:"cvss_base", value:"5.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
 
 
 name = "CVS file existence information disclosure weakness";
 script_name(name);
 


 
 script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_banner");
 
 script_copyright("This script is Copyright (C) 2004 David Maciejak");
 family = "General";
 script_family(family);
 script_require_ports("Services/cvspserver", 2401);
 script_dependencies("find_service.nasl", "cvspserver_version.nasl");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 exit(0);
}

port = get_kb_item("Services/cvspserver");
if(!port) port = 2401;
if(!get_port_state(port)) exit(0);

version = get_kb_item(string("cvs/", port, "/version"));
if(ereg(pattern:".* 1\.([0-9]\.|10\.|11\.([0-9][^0-9]|1[0-6])|12\.[0-8][^0-9]).*", string:version))
     		security_message(port);

07 Dec 2017 00:00Current

6.7Medium risk

Vulners AI Score6.7

EPSS0.04063