Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SuSE-SA:2004:008: cvs


Vulnerability Assessment Details

SuSE-SA:2004:008: cvs

Vulnerability Assessment Summary
Check for the version of the cvs package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SuSE-SA:2004:008 (cvs).


The Concurrent Versions System (CVS) offers tools which permit developers
to share and maintain large software projects.
During the analyzation of the CVS protocol and their implementation, the
SuSE Security Team discovered a flaw within the handling of pathnames.
Evil CVS servers could specify absolute pathnames during checkouts and
updates, which permits to create arbitrary files with the permissions of
the user invoking the CVS client. This could lead to a compromise of the
system.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply
the update.

Solution : http://www.suse.de/security/2004_08_cvs.html
Network Security Threat Level: Medium

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors


H261-Z61 2U 24SFF AMD Server 8x EPYC 7551 256-Cores 256GB RAM 8x25G NIC 2x2200W picture

H261-Z61 2U 24SFF AMD Server 8x EPYC 7551 256-Cores 256GB RAM 8x25G NIC 2x2200W

$2512.18



CSE-118 Supermicro 1U 3x GPU Server  2.1Ghz 16-C 128GB CX353A 2x1600W PSU Rails picture

CSE-118 Supermicro 1U 3x GPU Server 2.1Ghz 16-C 128GB CX353A 2x1600W PSU Rails

$450.03



R281-3C2 2U 12 Bay GPU Server 2.2Ghz 20-C 64GB 2x10G SFP+ 2x1200W TrueNAS ZFS picture

R281-3C2 2U 12 Bay GPU Server 2.2Ghz 20-C 64GB 2x10G SFP+ 2x1200W TrueNAS ZFS

$1180.24



CSE-118 Supermicro 1U GPU Server 2.6Ghz 20-C 256GB 2x Nvidia K40 GPU 2x1600W PSU picture

CSE-118 Supermicro 1U GPU Server 2.6Ghz 20-C 256GB 2x Nvidia K40 GPU 2x1600W PSU

$674.03



Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB picture

Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB

$510.00



DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45 picture

DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45

$275.00



Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD picture

Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD

$389.99



SuperMicro Server 505-2 Intel Atom 2.4GHz 8GB RAM SYS-5018A-FTN4 1U Rackmount picture

SuperMicro Server 505-2 Intel Atom 2.4GHz 8GB RAM SYS-5018A-FTN4 1U Rackmount

$224.99



Dell PowerEdge R430 3.5 1U 2x E5-2690 v3 2.6ghz 24-Cores 256gb 4x Trays 2x 550w picture

Dell PowerEdge R430 3.5 1U 2x E5-2690 v3 2.6ghz 24-Cores 256gb 4x Trays 2x 550w

$289.99



HP ProLiant DL380 Gen9 16SFF 2x E5-2680v4 2.4GHz =28 Cores 64GB P840 4xRJ45 picture

HP ProLiant DL380 Gen9 16SFF 2x E5-2680v4 2.4GHz =28 Cores 64GB P840 4xRJ45

$355.00



Discussions

No Discussions have been posted on this vulnerability.