Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2004-0180

Published: 01/06/2004 Updated: 03/05/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Subscribe to Cvs

Vulnerability Summary

The client for CVS prior to 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.

Vulnerable Product Search on Vulmon Subscribe to Product

cvs cvs

Vendor Advisories

Debian Security Advisories: DSA-486-1 cvs -- several vulnerabilities
Two vulnerabilities have been discovered and fixed in CVS: CAN-2004-0180 Sebastian Krahmer discovered a vulnerability whereby a malicious CVS pserver could create arbitrary files on the client system during an update or checkout operation, by supplying absolute pathnames in RCS diffs CAN-2004-0405 Derek Robert Price discovered a vulnerabilit ...

References

NVD-CWE-Otherhttp://www.debian.org/security/2004/dsa-486ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.aschttp://www.redhat.com/support/errata/RHSA-2004-153.htmlhttp://www.redhat.com/support/errata/RHSA-2004-154.htmlftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.ascftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patchhttp://security.gentoo.org/glsa/glsa-200404-13.xmlhttp://secunia.com/advisories/11368http://secunia.com/advisories/11371http://secunia.com/advisories/11374http://secunia.com/advisories/11375http://secunia.com/advisories/11377http://secunia.com/advisories/11380http://secunia.com/advisories/11391http://secunia.com/advisories/11400http://secunia.com/advisories/11405http://secunia.com/advisories/11548http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181http://www.mandriva.com/security/advisories?name=MDKSA-2004:028http://marc.info/?l=bugtraq&m=108636445031613&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/15864https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042https://nvd.nist.govhttps://www.debian.org/security/./dsa-486
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook