 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50317 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 1 FEDORA-2004-110 (cvs) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to cvs announced via advisory FEDORA-2004-110. CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. Update Information: The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates. Updated packages were made available in April 2004 however the original update notification email did not make it to fedora-announce-list at that time. * Wed Apr 21 2004 Nalin Dahyabhai - update to 1.11.15, fixing CVE-2004-0180 (#120969) * Tue Mar 23 2004 Nalin Dahyabhai - update to 1.11.14 * Fri Feb 13 2004 Elliot Lee - rebuilt * Wed Jan 07 2004 Nalin Dahyabhai - turn kserver, which people shouldn't use any more, back on * Tue Dec 30 2003 Nalin Dahyabhai - update to 1.11.11 * Thu Dec 18 2003 Nalin Dahyabhai - update to 1.11.10 Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-110.shtml Risk factor : Medium CVSS Score: 2.6 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0180 Debian Security Information: DSA-486 (Google Search) http://www.debian.org/security/2004/dsa-486 http://marc.info/?l=bugtraq&m=108636445031613&w=2 FreeBSD Security Advisory: FreeBSD-SA-04:07 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc http://security.gentoo.org/glsa/glsa-200404-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:028 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462 http://www.redhat.com/support/errata/RHSA-2004-153.html http://www.redhat.com/support/errata/RHSA-2004-154.html http://secunia.com/advisories/11368 http://secunia.com/advisories/11371 http://secunia.com/advisories/11374 http://secunia.com/advisories/11375 http://secunia.com/advisories/11377 http://secunia.com/advisories/11380 http://secunia.com/advisories/11391 http://secunia.com/advisories/11400 http://secunia.com/advisories/11405 http://secunia.com/advisories/11548 SGI Security Advisory: 20040404-01-U ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181 SuSE Security Announcement: SuSE-SA:2004:008 (Google Search) XForce ISS Database: cvs-rcs-create-files(15864) https://exchange.xforce.ibmcloud.com/vulnerabilities/15864 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |