FKIE_CVE-2003-0977

Vulnerability from fkie_nvd - Published: 2004-01-05 05:00 - Updated: 2026-04-16 00:27
Severity
Summary
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
cve@mitre.orghttp://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1Patch
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107168035515554&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107540163908129&w=2
cve@mitre.orghttp://secunia.com/advisories/10601
cve@mitre.orghttp://www.debian.org/security/2004/dsa-422Patch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2003:112
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-003.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-004.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/13929
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
af854a3a-2127-422b-91ae-364da2661108http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1Patch
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107168035515554&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107540163908129&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10601
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-422Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2003:112
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-003.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-004.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/13929
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866
Impacted products
Vendor Product Version
cvs cvs 1.10.7
cvs cvs 1.10.8
cvs cvs 1.11
cvs cvs 1.11.1
cvs cvs 1.11.1_p1
cvs cvs 1.11.2
cvs cvs 1.11.3
cvs cvs 1.11.4
cvs cvs 1.11.5
cvs cvs 1.11.6
slackware slackware_linux 8.1
slackware slackware_linux 9.0
slackware slackware_linux 9.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F7CA6E-7D45-46C9-A437-0D0C4D3F25CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92B456C-5F8E-4DC2-940C-AE06B42DD3A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B53C85-AA0E-40DD-B477-058586197714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1D1234F-1BB0-432B-B7B7-A97E3ADD5561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D472B97-F7C2-4973-9D71-AB3CF1F8774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0DCF26-59A8-46AC-99D7-97C203A0D702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31BAACA-7518-48D2-ADEE-F59F4569D3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D2748A8-5047-4338-A08E-986497AE4B1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "525C4E91-2186-4D3A-9DF0-1C6A75A3F919",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad desconocida en servidores CVS anteriores a 1.11.10 puede permitir a atacantes causar que el servidor CVS cree directorios y ficheros en el directorio ra\u00edz del sistema de ficheros."
    }
  ],
  "id": "CVE-2003-0977",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-01-05T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/10601"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-422"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84\u0026JServSessionIdservlets=8u3x1myav1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107168035515554\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107540163908129\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/10601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.