Title: CVS Checkin.prog Binary Execution Vulnerability
Severity: MODERATE
Description:
A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and it is sent back to the server and executed with committing. Note that when it is executed, committed files exist in the current directory.
Since a working directory can be modified by a committer, Checkin.prog may be modified or even newly created. If a malicious committer does this, cvs server executes the modified Checkin.prog. Also note that the committer can create an arbitrary binary file by `cvs add -kb' and `cvs commit'. The malicious committer can execute the recently committed binary file via Checkin.prog triggered by the `cvs commit'.
Affected Products:
- CVS Kit CVS Server 1.10.0 .8
References:
- CVS Developers: Concurrent Versions System Home
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
