Executive Summary
| Summary | |
|---|---|
| Title | New cvs packages fix unauthorised repository access |
| Informations | |||
|---|---|---|---|
| Name | DSA-715 | First vendor Publication | 2005-04-27 |
| Vendor | Debian | Last vendor Modification | 2005-04-27 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several problems have been discovered in the CVS server, which serves the popular Concurrent Versions System. The Common Vulnerability and Exposures project identifies the following problems: CAN-2004-1342 Maks Polunin and Alberto Garcia discovered independently that using the pserver access method in connection with the repouid patch that Debian uses it is possible to bypass the password and gain access to the repository in question. CAN-2004-1343 Alberto Garcia discovered that a remote user can cause the cvs server to crash when the cvs-repouids file exists but does not contain a mapping for the current repository, which can be used as a denial of service attack. For the stable distribution (woody) these problems have been fixed in version 1.11.1p1debian-10. For the unstable distribution (sid) these problems have been fixed in version 1.12.9-11. We recommend that you upgrade your cvs package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-715 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 715-1 (cvs) File : nvt/deb_715_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 15888 | Debian CVS cvs-repouids File Mapping Issue DoS Debian CVS contains a flaw that may allow a remote denial of service. The issue is triggered when a cvs-repouids file is created without creating a mapping to a repository, causing the CVS server to crash and resulting in loss of availability. |
| 15887 | Debian CVS repouid Patch pserver Access Method Authentication Bypass Debian CVS contains a flaw that may allow a malicious user to bypass the password protection. The issue is triggered when using the pserver access method in conjunction with the repouid patch, allowing an attacker to to bypass user authentication and gain access to the repository, resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-04-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-715.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:00 |
|
