The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cvs | Cvs | * | 1.10 (including) |
Red Hat Enterprise Linux 3 | RedHat | cvs-0:1.11.2-18 | * |
Red Hat Linux 9 | RedHat | * | |
Cvs | Ubuntu | dapper | * |
Cvs | Ubuntu | devel | * |
Cvs | Ubuntu | edgy | * |
Cvs | Ubuntu | feisty | * |