CVE-2003-0977

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1	Patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
http://marc.info/?l=bugtraq&m=107168035515554&w=2
http://marc.info/?l=bugtraq&m=107540163908129&w=2
http://secunia.com/advisories/10601
http://www.debian.org/security/2004/dsa-422	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1	Patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
http://marc.info/?l=bugtraq&m=107168035515554&w=2
http://marc.info/?l=bugtraq&m=107540163908129&w=2
http://secunia.com/advisories/10601
http://www.debian.org/security/2004/dsa-422	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cvs:cvs:1.10.7:::::::*
	cpe:2.3:a:cvs:cvs:1.10.8:::::::*
	cpe:2.3:a:cvs:cvs:1.11:::::::*
	cpe:2.3:a:cvs:cvs:1.11.1:::::::*
	cpe:2.3:a:cvs:cvs:1.11.1_p1:::::::*
	cpe:2.3:a:cvs:cvs:1.11.2:::::::*
	cpe:2.3:a:cvs:cvs:1.11.3:::::::*
	cpe:2.3:a:cvs:cvs:1.11.4:::::::*
	cpe:2.3:a:cvs:cvs:1.11.5:::::::*
	cpe:2.3:a:cvs:cvs:1.11.6:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:slackware:slackware_linux:8.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.1:::::::*

History

No history.

Information

Published : 2004-01-05 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2003-0977

Mitre link : CVE-2003-0977

CVE.ORG link : CVE-2003-0977

JSON object : View

Products Affected

cvs

slackware

slackware_linux

CWE

NVD-CWE-Other

7.5 /10