Intrusion Prevention

CVS.File.Existence.Information.Disclosure

Description

This indicates an attack attempt against an information disclosure vulnerability in CVS.
An anonymous or low-privileged attacker may exploit this weakness to gain information about files on a CVS server.

Affected Products

CVS (Concurrent Versions System) 1.11
FreeBSD Any version
Linux Any version
Mandrake Linux 10.0
Mandrake Linux 9.2
Mandrake Linux Corporate Server 2.1
Unix Any version

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version of CVS (1.11.17 or 1.12.9 or later), available from the CVS Web site.
http://ccvs.cvshome.org/servlets/ProjectDownloadList

CVE References

CVE-2004-0778