CVE-2003-0977

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1	Patch
http://www.debian.org/security/2004/dsa-422	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-003.html
http://www.redhat.com/support/errata/RHSA-2004-004.html
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://secunia.com/advisories/10601
http://marc.info/?l=bugtraq&m=107168035515554&w=2
http://marc.info/?l=bugtraq&m=107540163908129&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cvs:cvs:1.10.7:::::::*
	cpe:2.3:a:cvs:cvs:1.10.8:::::::*
	cpe:2.3:a:cvs:cvs:1.11:::::::*
	cpe:2.3:a:cvs:cvs:1.11.6:::::::*
	cpe:2.3:a:cvs:cvs:1.11.4:::::::*
	cpe:2.3:a:cvs:cvs:1.11.5:::::::*
	cpe:2.3:a:cvs:cvs:1.11.1:::::::*
	cpe:2.3:a:cvs:cvs:1.11.1_p1:::::::*
	cpe:2.3:a:cvs:cvs:1.11.2:::::::*
	cpe:2.3:a:cvs:cvs:1.11.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:slackware:slackware_linux:8.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.1:::::::*

Information

Published : 2004-01-04 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2003-0977

Mitre link : CVE-2003-0977

JSON object : View

CWE

NVD-CWE-Other

Products Affected

slackware

slackware_linux

cvs

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1", "name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2004/dsa-422", "name": "DSA-422", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-003.html", "name": "RHSA-2004:003", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-004.html", "name": "RHSA-2004:004", "tags": [], "refsource": "REDHAT"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc", "name": "20040103-01-U", "tags": [], "refsource": "SGI"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808", "name": "CLA-2004:808", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112", "name": "MDKSA-2003:112", "tags": [], "refsource": "MANDRAKE"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc", "name": "20040202-01-U", "tags": [], "refsource": "SGI"}, {"url": "http://secunia.com/advisories/10601", "name": "10601", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=107168035515554&w=2", "name": "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=107540163908129&w=2", "name": "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929", "name": "cvs-module-file-manipulation(13929)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866", "name": "oval:org.mitre.oval:def:866", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855", "name": "oval:org.mitre.oval:def:855", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528", "name": "oval:org.mitre.oval:def:11528", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0977", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-01-05T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}

7.5 /10