Overview
CVSTrac fails to check the validity of input passed to the "rcsinfo" parameter of "filediff." This allows execution of arbitrary commands on the server.
Description
CVSTrac is a web-based bug and patch set tracking system for use with CVS. CVSTrac 1.1.3 and earlier fail to properly sanitize input to the "rcsinfo" parameter of the "filediff" command. By passing specially crafted arguments to the "rcsinfo" parameter, a remote attacker can execute arbitrary commands on the server.
Impact
A remote authenticated user who has the permissions to check in CVS files can run arbitrary shell commands on the server with the privileges of the CVSTrac process. By default, anonymous users cannot access the vulnerable "filediff" method.
Solution
This issue is resolved in CVSTrac version 1.1.4. See the "Systems Affected" section for vendor-specific resolutions.
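The class of fix for the flaw described above, as an added illustration in C: allow-list the parameter, then run the helper without a shell. This is not CVSTrac's code or the 1.1.4 patch; the function names, the dotted-decimal revision format, and the helper's "-r" and "--" options are assumptions.

```c
/* Added illustration, not CVSTrac source; all names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: the value should be a dotted-decimal revision ("1.12").
 * Allow-list check: digits separated by single dots, at most 64 chars. */
int is_valid_revision(const char *s)
{
    size_t len = 0;
    int prev_dot = 1;               /* start counts as "after a dot" */
    if (s == NULL) return 0;
    for (; *s; s++, len++) {
        if (len >= 64) return 0;
        if (isdigit((unsigned char)*s)) prev_dot = 0;
        else if (*s == '.' && !prev_dot) prev_dot = 1;
        else return 0;              /* anything else, incl. shell metacharacters */
    }
    return len > 0 && !prev_dot;    /* non-empty, no trailing dot */
}

/* Run argv[0] with execvp: no /bin/sh is involved, so argument text is
 * never parsed as shell syntax. Returns the exit status, or -1 on error. */
int run_no_shell(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical handler step: validate, then pass the value as one argv
 * element. "-r" and "--" are assumed conventions of the helper program. */
int diff_revision(const char *tool, const char *rev, const char *file)
{
    char opt[80];
    if (!is_valid_revision(rev)) return -2;   /* rejected before any exec */
    snprintf(opt, sizeof opt, "-r%s", rev);
    char *argv[] = { (char *)tool, opt, "--", (char *)file, NULL };
    return run_no_shell(argv);
}
```

Either measure alone narrows the exposure; together, a value that slips past validation still reaches the helper as a single literal argument.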
References
- http://www.securityfocus.com/bid/10878
- http://secunia.com/advisories/12090/
- http://www.cvstrac.org/cvstrac/tktview?tn=339
- http://www.cvstrac.org/cvstrac/chngview?cn=316
- http://securitytracker.com/alerts/2004/Aug/1010880.html
- http://securitytracker.com/alerts/2004/Aug/1010892.html
- http://www.osvdb.org/8373
- http://xforce.iss.net/xforce/xfdb/16929
Acknowledgements
Thanks to Richard Ngo for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
| CVE IDs: | None | 
| Severity Metric: | 16.88 | 
| Date Public: | 2004-08-09 | 
| Date First Published: | 2004-08-23 | 
| Date Last Updated: | 2004-08-23 17:50 UTC | 
| Document Revision: | 12 |