Nessus Plugin #14288
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
CVSTrac chdir() chroot jail escape
- Family:
- CGI abuses
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 David Maciejak
- Summary:
- Checks for CVSTrac version
- Version:
- $Revision: 1.5 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- OSVDB:8643
- Description:
The remote host seems to be running cvstrac,
a web-based bug and patch-set tracking system for CVS.
This version contains a flaw related to the chdir() function
that may allow an attacker to escape the chroot jail. An
attacker, exploiting this flaw, would be able to access files
outside of the web root.
***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of CVSTrac
***** installed there.
Solution : Update to version 1.1.4 or disable this CGI suite
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.