FreeBSD Ports: Cvs+ipv6 Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102 http://www.vuxml.org/freebsd/0792e7a7-8e37-11d8-90d1-0020ed76ef5a.html

Insight

The following package is affected: cvs+ipv6 CVE-2004-0180 The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405. CVE-2004-0405 CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.

Severity

Classification

CVE CVE-2004-0180, CVE-2004-0405
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

FreeBSD Ports: bugzilla
FreeBSD Ports: bind96
FreeBSD Ports: cabextract
FreeBSD Ports: bugzilla
FreeBSD Ports: bzip2

FreeBSD Ports: cvs+ipv6

Take action and discover your vulnerabilities