CVSTrac Chdir() Chroot Jail Escape Network Vulnerability

Summary

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir() function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web root. ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.

Solution

Update to version 1.1.4 or disable this CGI suite

Severity

Classification

CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N

Related Vulnerabilities

ARRIS 2307 Unprotected Web Console
artmedic_links5 File Inclusion Vulnerability
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
Advanced Guestbook Index.PHP SQL Injection Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities

CVSTrac chdir() chroot jail escape

Take action and discover your vulnerabilities