| VID | 21357 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
The CVSTrac installation on the Web server, according to its version number, has multiple vulnerabilities. CVSTrac is a Web-based bug and patch tracking system for CVS (Concurrent Version Service). Versions prior to CVSTrac 1.1.4 are affected by the following vulnerabilities:
- Invalid Ticket Denial of Service Vulnerability: A remote attacker could use this vulnerability to remotely shut down the CVSTrac server.
- 'cgi.c' Multiple Buffer Overflow Vulnerabilities: A remote attacker could execute arbitrary code on the remote system, caused by buffer overflow flaws in the mprintf(), vmprintf(), and vxprintf() functions in cgi.c.
- 'chdir()' chroot Jail Escape Vulnerability: A remote attacker could access files outside of the web root by escaping the chroot jail.
- Ticket Title Command Execution Vulnerability: A remote attacker could execute arbitrary commands on the system, caused by ticket titles containing a semicolon (;).
- 'history_update()' Buffer Overflow Vulnerability: A remote attacker could execute arbitrary code on the remote system, caused by a buffer overflow flaw in the history_update() function in history.c.
- 'timeline_page()' Buffer Overflow Vulnerability: A remote attacker could execute arbitrary code on the remote system, caused by a buffer overflow in the timeline_page() function in timeline.c.
- Malformed URI Infinite Loop Denial of Service Vulnerability: A remote attacker could cause the application to hang by sending a malformed URL.
* Note: This check relies solely on the version number of the remote CVSTrac installation on the web server to assess this vulnerability, so the result might be a false positive.
* References:
  - http://www.osvdb.org/displayvuln.php?osvdb_id=8644
  - http://www.osvdb.org/displayvuln.php?osvdb_id=8637
  - http://www.osvdb.org/displayvuln.php?osvdb_id=8640
  - http://www.osvdb.org/displayvuln.php?osvdb_id=8643
  - http://www.osvdb.org/displayvuln.php?osvdb_id=8645
  - http://www.osvdb.org/displayvuln.php?osvdb_id=8638
  - http://www.osvdb.org/displayvuln.php?osvdb_id=8646
* Platforms Affected: Open Source Development, CVSTrac 1.1.3 and earlier; Linux, Any version; Unix, Any version |
| Recommendation | Upgrade to the latest version of CVSTrac (1.1.4 or later) from the CVSTrac Download site at http://www.cvstrac.org/cvstrac/wiki?p=DownloadCvstrac |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |