A weakness has been reported in Concurrent Versions System (CVS), which potentially can be exploited by malicious users to gain knowledge of certain system information.
The problem is caused due to an undocumented switch to the "history" command implemented in "src/history.c". Using the "-X" switch and supplying an arbitrary filename, CVS will try to access the specified file and returns various information depending on whether the file exists and can be accessed.
This behaviour can be exploited to determine the existence and permissions of arbitrary files and directories on a vulnerable system.
The weakness has been reported in version 1.11. Other versions may also be affected.
Solution: This issue has been fixed in versions 1.11.17 and 1.12.9.
Provided and/or discovered by: Originally discovered by:
Re-discovered by an anonymous person and reported through iDEFENSE.
Original Advisory: US-CERT VU#579225:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: CVS File Existence Information Disclosure Weakness
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.