CVS Malformed Request System Root File Creation Vulnerability

Bugtraq ID: 9178
Class: Input Validation Error
CVE: CVE-2003-0977
Remote: Yes
Local: No
Published: Dec 09 2003 12:00AM
Updated: Jul 12 2009 12:56AM
Credit: Vulnerability disclosed by Derek Price.
Vulnerable: Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Workstation 6.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Server 6.5
Turbolinux Turbolinux Server 6.1
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux Advanced Server 6.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
SGI ProPack 2.4
SGI ProPack 2.3
RedHat cvs-1.11.2-10.i386.rpm
+ RedHat Linux 9.0 i386
 CVS CVS 1.12.2
+ OpenPKG OpenPKG Current
 CVS CVS 1.12.1
+ OpenPKG OpenPKG 1.3
CVS CVS 1.11.6
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
CVS CVS 1.11.5
+ OpenPKG OpenPKG 1.2
+ S.u.S.E. Linux Personal 8.2
CVS CVS 1.11.4
CVS CVS 1.11.3
CVS CVS 1.11.2
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
 + RedHat Linux 8.0
+ Slackware Linux 8.1
CVS CVS 1.11.1 p1
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ OpenBSD OpenBSD 3.5
 + OpenBSD OpenBSD 3.4
 + OpenBSD OpenBSD 3.3
 + OpenBSD OpenBSD 3.2
 + OpenBSD OpenBSD 3.1
 + Red Hat Linux 6.2
 + RedHat Linux 7.3 i386
 + RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
 + RedHat Linux 7.2 i386
 + RedHat Linux 7.2 alpha
 + RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
 + RedHat Linux 7.1 i386
 + RedHat Linux 7.1 alpha
 + RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
 + RedHat Linux 7.0 i386
 + RedHat Linux 7.0 alpha
 + RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
 + RedHat Linux 6.2 i386
 + S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7+
 CVS CVS 1.11.1
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
CVS CVS 1.11
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
CVS CVS 1.10.8
+ Conectiva Linux 6.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
CVS CVS 1.10.7
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 IA-32
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2 68k
 + Debian Linux 2.2
CVS CVS 1.10.6
CrossWind CyberScheduler 1.10.7
Not Vulnerable: CVS CVS 1.11.10


 

Privacy Statement
Copyright 2010, SecurityFocus