Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:CVS:CVS-FILE-INFO

Severity

 Minor

Recommended

 No

Category

 APP

Keywords

 CVS File Existence Information Leak

Release Date

 2004/09/01

Update Number

 1213

Supported Platforms

 idp-4.1+, isg-3.5+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: CVS File Existence Information Leak


This signature detects CVS sessions using the undocumented "-X" flag, which enables a user to save the command history to a user-defined file. Malicious users can use this flag to determine the existence of files on the CVS server. Note: File contents are not readable through this method.

Extended Description

CVS is reported prone to an information disclosure vulnerability in an undocumented 'history' command flag. This vulnerability presents itself when a remote attacker connects to a CVS pserver via TCP. An attacker may utilize the history command to issue requests that will return information about files readable by the CVS server process. This vulnerability may aid an attacker in further compromise of the server. Versions of CVS prior to 1.11.17 and prior to 1.12.9 are reportedly vulnerable.

Affected Products

  • Cvs cvs 1.10.6
  • Cvs cvs 1.10.7
  • Cvs cvs 1.10.8
  • Cvs cvs 1.11.0
  • Cvs cvs 1.11.1
  • Cvs cvs 1.11.10
  • Cvs cvs 1.11.11
  • Cvs cvs 1.11.14
  • Cvs cvs 1.11.15
  • Cvs cvs 1.11.16
  • Cvs cvs 1.11.1 P1
  • Cvs cvs 1.11.2
  • Cvs cvs 1.11.3
  • Cvs cvs 1.11.4
  • Cvs cvs 1.11.5
  • Cvs cvs 1.11.6
  • Cvs cvs 1.12.1
  • Cvs cvs 1.12.2
  • Cvs cvs 1.12.5
  • Cvs cvs 1.12.7
  • Cvs cvs 1.12.8
  • Freebsd freebsd 1.1.5 .1
  • Freebsd freebsd 2.0.0
  • Freebsd freebsd 2.0.5
  • Freebsd freebsd 2.1.0
  • Freebsd freebsd 2.1.0 X
  • Freebsd freebsd 2.1.5
  • Freebsd freebsd 2.1.6
  • Freebsd freebsd 2.1.6 .1
  • Freebsd freebsd 2.1.7 .1
  • Freebsd freebsd 2.2.0
  • Freebsd freebsd 2.2.0 X
  • Freebsd freebsd 2.2.2
  • Freebsd freebsd 2.2.3
  • Freebsd freebsd 2.2.4
  • Freebsd freebsd 2.2.5
  • Freebsd freebsd 2.2.6
  • Freebsd freebsd 2.2.8
  • Freebsd freebsd 3.0.0
  • Freebsd freebsd 3.0.0 -RELENG
  • Freebsd freebsd 3.1.0
  • Freebsd freebsd 3.1.0 X
  • Freebsd freebsd 3.2.0
  • Freebsd freebsd 3.2.0 X
  • Freebsd freebsd 3.3.0
  • Freebsd freebsd 3.3.0 X
  • Freebsd freebsd 3.4.0
  • Freebsd freebsd 3.4.0 X
  • Freebsd freebsd 3.5.0
  • Freebsd freebsd 3.5.0 -STABLE
  • Freebsd freebsd 3.5.0 -Stablepre050201
  • Freebsd freebsd 3.5.0 -Stablepre122300
  • Freebsd freebsd 3.5.0 X
  • Freebsd freebsd 3.5.1
  • Freebsd freebsd 3.5.1 -RELEASE
  • Freebsd freebsd 3.5.1 -STABLE
  • Freebsd freebsd 3.5.1 -Stablepre2001-07-20
  • Freebsd freebsd 4.0.0
  • Freebsd freebsd 4.0.0 Alpha
  • Freebsd freebsd 4.0.0 -RELENG
  • Freebsd freebsd 4.0.0 .X
  • Freebsd freebsd 4.1.0
  • Freebsd freebsd 4.10.0
  • Freebsd freebsd 4.10.0 -RELEASE
  • Freebsd freebsd 4.10.0 -RELENG
  • Freebsd freebsd 4.10-PRERELEASE
  • Freebsd freebsd 4.1.1
  • Freebsd freebsd 4.1.1 -RELEASE
  • Freebsd freebsd 4.1.1 -STABLE
  • Freebsd freebsd 4.2.0
  • Freebsd freebsd 4.2.0 -RELEASE
  • Freebsd freebsd 4.2.0 -STABLE
  • Freebsd freebsd 4.2.0 -Stablepre050201
  • Freebsd freebsd 4.2.0 -Stablepre122300
  • Freebsd freebsd 4.3.0
  • Freebsd freebsd 4.3.0 -RELEASE
  • Freebsd freebsd 4.3.0 -RELEASE-P38
  • Freebsd freebsd 4.3.0 -RELENG
  • Freebsd freebsd 4.3.0 -STABLE
  • Freebsd freebsd 4.4.0
  • Freebsd freebsd 4.4.0 -RELEASE-P42
  • Freebsd freebsd 4.4.0 -RELENG
  • Freebsd freebsd 4.4.0 -STABLE
  • Freebsd freebsd 4.5.0
  • Freebsd freebsd 4.5.0 -RELEASE
  • Freebsd freebsd 4.5.0 -RELEASE-P32
  • Freebsd freebsd 4.5.0 -RELENG
  • Freebsd freebsd 4.5.0 -STABLE
  • Freebsd freebsd 4.5.0 -Stablepre2002-03-07
  • Freebsd freebsd 4.6.0
  • Freebsd freebsd 4.6.0 -RELEASE
  • Freebsd freebsd 4.6.0 -RELEASE-P20
  • Freebsd freebsd 4.6.0 -RELENG
  • Freebsd freebsd 4.6.0 -STABLE
  • Freebsd freebsd 4.6.2
  • Freebsd freebsd 4.7.0
  • Freebsd freebsd 4.7.0 -RELEASE
  • Freebsd freebsd 4.7.0 -RELEASE-P17
  • Freebsd freebsd 4.7.0 -RELENG
  • Freebsd freebsd 4.7.0 -STABLE
  • Freebsd freebsd 4.8.0
  • Freebsd freebsd 4.8.0 -PRERELEASE
  • Freebsd freebsd 4.8.0 -RELEASE-P7
  • Freebsd freebsd 4.8.0 -RELENG
  • Freebsd freebsd 4.9.0
  • Freebsd freebsd 4.9.0 -PRERELEASE
  • Freebsd freebsd 4.9.0 -RELENG
  • Freebsd freebsd 5.0.0
  • Freebsd freebsd 5.0.0 Alpha
  • Freebsd freebsd 5.0.0 -RELEASE-P14
  • Freebsd freebsd 5.0.0 -RELENG
  • Freebsd freebsd 5.1.0
  • Freebsd freebsd 5.1.0 -RELEASE
  • Freebsd freebsd 5.1.0 -RELEASE/Alpha
  • Freebsd freebsd 5.1.0 -RELEASE-P5
  • Freebsd freebsd 5.1.0 -RELENG
  • Freebsd freebsd 5.2.0
  • Freebsd freebsd 5.2.0 -RELEASE
  • Freebsd freebsd 5.2.0 -RELENG
  • Freebsd freebsd 5.2.1 -RELEASE

References

  • BugTraq: 10955
  • CVE: CVE-2004-0778
  • URL: http://securitytracker.com/id?1010958
  • URL: http://www.kb.cert.org/vuls/id/579225

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out