Family: Debian Local Security Checks --> Category: infos
[DSA117] DSA-117-1 cvs Vulnerability Scan
Vulnerability Scan Summary DSA-117-1 cvs
Detailed Explanation for this Vulnerability Test
Kim Nielsen recently found an internal problem with the CVS server and
reported it to the vuln-dev mailing list. The problem is triggered by
an improperly initialized global variable. A user exploiting this can
crash the CVS server, which may be accessed through the pserver
service and run under a remote user id. It is not yet clear if
the remote account can be exposed, though.
This problem has been fixed in version 1.10.7-9 for the stable Debian
distribution with the help of Niels Heinen, and in versions newer
than 1.11.1p1debian-3 for the testing and unstable distributions of
Debian (not yet uploaded, though).
We recommend that you upgrade your CVS package.
Solution : http://www.debian.org/security/2002/dsa-117
Threat Level: High