CVE-2003-0977

Published: Jan 5, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

Affected (13)

Products: Cvs: Cvs · Slackware: Slackware Linux

1 product

1 product

Slackware Linux

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Cvs Cvs	Version 1.10.7
Cvs Cvs	Version 1.10.8
Cvs Cvs	Version 1.11.1
Cvs Cvs	Version 1.11.1_p1
Cvs Cvs	Version 1.11.2
Cvs Cvs	Version 1.11.3
Cvs Cvs	Version 1.11.4
Cvs Cvs	Version 1.11.5
Cvs Cvs	Version 1.11.6
Cvs Cvs	Version 1.11

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Slackware Slackware Linux	Version 8.1
Slackware Slackware Linux	Version 9.0
Slackware Slackware Linux	Version 9.1

References (30)

ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc (unsafe URL)

Source: cve@mitre.org

http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1

Source: cve@mitre.org

Patch

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107168035515554&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=107540163908129&w=2

Source: cve@mitre.org

http://secunia.com/advisories/10601

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-422

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2003:112

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-003.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-004.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/13929

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=107168035515554&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=107540163908129&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/10601

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-422

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2003:112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-004.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/13929

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.