Info

Disclosure

Aug 05, 2004

Discovery

Unknown

Dates

Exploit

Aug 05, 2004

Solution

Unknown

Description

CVStrac contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due tot he filediff command not properly sanitizing input to the rcsinfo variable. With a specially crafted request, an attacker can execute arbitrary commands with the same permissions as the running server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

CVSTrac

1.1.3

References

Security Tracker: 1010880
Bugtraq ID: 10878
Secunia Advisory ID: 12090
ISS X-Force ID: 16929
CVE ID: 2004-1456 (see also: NVD)
Milw0rm: 379
Exploit Database: 379
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0054.html
http://archives.neohapsis.com/archives/bugtraq/2004-08/0082.html
Vendor URL: http://www.cvstrac.org/
Vendor Specific Advisory URL: http://www.cvstrac.org/cvstrac/chngview?cn=316
http://www.cvstrac.org/cvstrac/tktview?tn=339

Credit

Richard Ngo - rtngoyahoo.com -

Direct URL: http://osvdb.org/8373