Red Hat Bugzilla – Bug 118719
CAN-2004-0180 Malicious CVS server
Last modified: 2007-11-30 17:06:54 EST
Sebastian Krahmer discovered a flaw in CVS clients where rcs diff
files can create files with absolute pathnames. An attacker could
create a fake malicious CVS server that would cause arbitrary files to
be created or overwritten when a victim connects to it.
Embargoed; not sure on public date yet. Possibly March 22nd or Apr 14th
or March 31st.
CAN-2004-0180 Affects: 2.1AS 2.1ES 2.1WS 2.1AW
CAN-2004-0180 Affects: 3AS 3ES 3WS
note: embargo date set as Apr14
RHSA-2004:153 in progress
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.