APP: CVS File Existence Information Leak
This signature detects CVS sessions using the undocumented "-X" flag, which enables a user to save the command history to a user-defined file. Malicious users can use this flag to determine the existence of files on the CVS server. Note: File contents are not readable through this method.
Extended Description
CVS is reported prone to an information disclosure vulnerability in an undocumented 'history' command flag. This vulnerability presents itself when a remote attacker connects to a CVS pserver via TCP. An attacker may utilize the history command to issue requests that will return information about files readable by the CVS server process. This vulnerability may aid an attacker in further compromise of the server. Versions of CVS prior to 1.11.17 and prior to 1.12.9 are reportedly vulnerable.
Affected Products
Freebsd freebsd
References
BugTraq: 10955
CVE: CVE-2004-0778
URL: http://securitytracker.com/id?1010958 http://www.kb.cert.org/vuls/id/579225
Short Name
APP:CVS:CVS-FILE-INFO
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2004-0778 CVS Existence File Information Leak bid:10955
Release Date
09/01/2004
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Cvs
Freebsd
CVSS Score
5.0