Executive Summary

Informations
Name CVE-2003-0977 First vendor Publication 2004-01-05
Vendor Cve Last vendor Modification 2017-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0977

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11528
 
Oval ID: oval:org.mitre.oval:def:11528
Title: CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
Description: CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0977
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:855
 
Oval ID: oval:org.mitre.oval:def:855
Title: Red Hat CVS Server root Directory Access Vulnerability
Description: CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0977
Version: 2
Platform(s): Red Hat Linux 9
Product(s): CVS server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:866
 
Oval ID: oval:org.mitre.oval:def:866
Title: Red Hat Enterprise 3 CVS Server root Directory Access Vulnerability
Description: CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0977
Version: 2
Platform(s): Red Hat Enterprise Linux 3
Product(s): CVS server
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 10
Os 3

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200312-04 (CVS)
File : nvt/glsa_200312_04.nasl
2008-01-17 Name : Debian Security Advisory DSA 422-1 (cvs)
File : nvt/deb_422_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
2941 CVS pserver Crafted Module Request Arbitrary File / Directory Creation

CVS contains a flaw that allows a remote attacker to create arbitrary files and directories on a vulnerable server. This is due to CVS not checking attempts to create files or directories.

Snort® IPS/IDS

Date Description
2014-01-10 CVS non-relative path access attempt
RuleID : 2318-community - Revision : 8 - Type : SERVER-OTHER
2014-01-10 CVS non-relative path access attempt
RuleID : 2318 - Revision : 8 - Type : SERVER-OTHER
2014-01-10 CVS non-relative path error response
RuleID : 2317-community - Revision : 10 - Type : INDICATOR-COMPROMISE
2014-01-10 CVS non-relative path error response
RuleID : 2317 - Revision : 10 - Type : INDICATOR-COMPROMISE

Nessus® Vulnerability Scanner

Date Description
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-422.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2003-112.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2004-004.nasl - Type : ACT_GATHER_INFO
2003-12-11 Name : The revision control service running on the remote host has an arbitrary file...
File : cvs_dir_create.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://marc.info/?l=bugtraq&m=107168035515554&w=2
http://marc.info/?l=bugtraq&m=107540163908129&w=2
CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
CONFIRM http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdser...
DEBIAN http://www.debian.org/security/2004/dsa-422
MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
SECUNIA http://secunia.com/advisories/10601
SGI ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/13929

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:02:02
  • Multiple Updates
2021-04-22 01:02:17
  • Multiple Updates
2020-05-23 00:15:32
  • Multiple Updates
2017-10-11 09:23:19
  • Multiple Updates
2017-07-11 12:01:19
  • Multiple Updates
2016-10-18 12:01:14
  • Multiple Updates
2016-04-26 12:38:59
  • Multiple Updates
2014-02-17 10:26:44
  • Multiple Updates
2014-01-19 21:22:02
  • Multiple Updates
2013-05-11 11:53:21
  • Multiple Updates