Vulnerability Description
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cvs | Cvs | 1.10.7 |
| Slackware | Slackware Linux | 8.1 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8Patch
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
- http://marc.info/?l=bugtraq&m=107168035515554&w=2
- http://marc.info/?l=bugtraq&m=107540163908129&w=2
- http://secunia.com/advisories/10601
- http://www.debian.org/security/2004/dsa-422PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
- http://www.redhat.com/support/errata/RHSA-2004-003.html
- http://www.redhat.com/support/errata/RHSA-2004-004.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-0977?
CVE-2003-0977 is a vulnerability with a CVSS score of 7.5 (HIGH). CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
How severe is CVE-2003-0977?
CVE-2003-0977 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0977?
Check the references section above for vendor advisories and patch information. Affected products include: Cvs Cvs, Slackware Slackware Linux.