Linux Security

    Debian: cvsweb vulnerability

    cvsweb is vulnerable to a remote shell exploit.
    - ------------------------------------------------------------------------
    Debian Security Advisory                             Wichert Akkerman
    July 16, 2000
    - ------------------------------------------------------------------------
    Package: cvsweb
    Vulnerability type: remote shell
    Debian-specific: no
    The versions of cvsweb distributed in Debian GNU/Linux 2.1 (aka slink) as
    well as in the frozen (potato) and unstable (woody) distributions, are
    vulnerable to a remote shell exploit. An attacker with write access to the
    cvs repository can execute arbitrary code on the server, as the www-data
    The vulnerability is fixed in version 109 of cvsweb for the current stable
    release (Debian 2.1), in version 1.79-3potato1 for the frozen distribution,
    and in version 1.86-1 for the unstable distribution.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    Debian GNU/Linux 2.1 alias slink
    - ------------------------------------
      Source archives:
          MD5 checksum: b1810728310882fb72078674521ee369
          MD5 checksum: 4c42ec3ba7248fc2499cdfaa6ae6b702
      Architecture independent archives:
          MD5 checksum: fe9144254ab224923ac627aef7ec2167
    Debian GNU/Linux 2.2 alias potato
    - -------------------------------------
      Please note that potato has not been released yet.
      Source archives:
          MD5 checksum: 9dcb469f5da602cd53e41258febba244
          MD5 checksum: b4aceba93a6721486f8ca42f230c7271
          MD5 checksum: c755a4c75d4c8844274458ae5953823b
      Binary package for all architectures:
          MD5 checksum: 1b89d61312925ee7934108c4f638d912
    Debian GNU/Linux unstable alias woody
    - -------------------------------------
      Please note that woody has not been released yet.
      Source archives:
          MD5 checksum: e3fc2117d689746eaa2cf4c8a701aa4e 
          MD5 checksum: 0b2b9bf0b1fe39552da03698ba37bc36
          MD5 checksum: ea93ed274ec6fbd49cec57c759747cb7
      Binary package for all architectures:
          MD5 checksum: a99c605e0d77f1c56a82c95a3dc6d83f
    - -- 
    - ----------------------------------------------------------------------------
    For apt-get: deb stable updates
    For dpkg-ftp: dists/stable/updates
    Mailing list: debian-security-
