CVE-2003-0977 | Vulnerability Database | Aqua Security

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

Affected Software

Name	Vendor	Start Version	End Version
Cvs	Cvs	1.10.7 (including)	1.10.7 (including)
Cvs	Cvs	1.10.8 (including)	1.10.8 (including)
Cvs	Cvs	1.11 (including)	1.11 (including)
Cvs	Cvs	1.11.1 (including)	1.11.1 (including)
Cvs	Cvs	1.11.1_p1 (including)	1.11.1_p1 (including)
Cvs	Cvs	1.11.2 (including)	1.11.2 (including)
Cvs	Cvs	1.11.3 (including)	1.11.3 (including)
Cvs	Cvs	1.11.4 (including)	1.11.4 (including)
Cvs	Cvs	1.11.5 (including)	1.11.5 (including)
Cvs	Cvs	1.11.6 (including)	1.11.6 (including)
Red Hat Enterprise Linux 3	RedHat	cvs-0:1.11.2-14	*
Red Hat Linux 9	RedHat		*

References

ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808
http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2
http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2
http://secunia.com/advisories/10601
http://www.debian.org/security/2004/dsa-422
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0977
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html