A vulnerability exists in CVS server before 1.11.10. By sending a malformed module request, an attacker could create directories and files in the filesystem root. CAN-2003-0977 Affects: 2.1AS 2.1AW 2.1ES 2.1WS CAN-2003-0977 Affects: 3AS 3ES 3WS
Fixed http://rhn.redhat.com/errata/RHSA-2004-004.html