SUSE-SA:2004:015
Jun 09, 2004 - 1:52 p.m.

remote command execution in cvs

2004-06-09 13:52:11
lists.opensuse.org

EPSS: 0.933 (percentile: 99.1%)

The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Various remotely exploitable conditions have been found during a source code review of CVS done by Stefan Esser and Sebastian Krahmer (SuSE Security-Team). These bugs allow remote attackers to execute arbitrary code as the user the CVS server runs as.

Since there is no easy workaround, we strongly recommend updating the cvs package. The update packages fix vulnerabilities which have been assigned the CAN numbers CAN-2004-0416, CAN-2004-0417 and CAN-2004-0418. The cvs packages shipped by SUSE (as well as our recent updates for CVS) are not vulnerable to CAN-2004-0414.