OpenBSD: cvs Pathname validation vulnerabilities
Posted by LinuxSecurity.com Team
Patches for both client and server prevent file creation and modification outside of allowed directories.
Pathname validation problems have been found in cvs(1). They allow malicious
clients to create files outside the repository, allow malicious servers to
overwrite files outside the local CVS tree on the client, and allow clients
to check out files outside the CVS repository.
CVE IDs: CAN-2003-0977 CAN-2004-0180 CAN-2004-0405
The problems have been fixed in OpenBSD-current as well as the 3.5-stable,
3.4-stable and 3.3-stable branches.
Patches are available from:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/017_cvs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/022_cvs.patch
For more information, see:
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102
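The pathname validation problems described above come down to accepting names that leave the intended root. The following is an added illustrative example, not code from the OpenBSD or CVS patches: it rejects names that are absolute or contain a ".." component before they are joined to the repository root. The function names, the root directory and the sample names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative check (constructed for this example, not the CVS patch):
 * returns 1 if `rel` is a relative name that cannot escape the repository
 * root by construction: non-empty, not absolute, no ".." component. */
static int path_is_safe(const char *rel)
{
    const char *p = rel;
    if (rel == NULL || *rel == '\0' || *rel == '/')
        return 0;               /* empty, or absolute (ignores any root) */
    while (*p != '\0') {
        const char *seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;           /* ".." component walks out of the root */
        if (*p == '/')
            p++;
    }
    return 1;
}

/* Join root and rel into out only if rel passes the check.
 * Returns 0 on success, -1 if rejected or truncated. */
static int safe_join(const char *root, const char *rel, char *out, size_t outsz)
{
    int n;
    if (!path_is_safe(rel))
        return -1;
    n = snprintf(out, outsz, "%s/%s", root, rel);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* constructed names, as a peer might send them in the protocol */
    const char *names[] = { "src/main.c", "../outside.txt", "/abs/file", "a/../../b" };
    char buf[1024];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-16s -> %s\n", names[i],
               safe_join("/cvs/repo", names[i], buf, sizeof buf) == 0 ? buf : "REJECTED");
    return 0;
}
```

A purely lexical check like this says nothing about symbolic links already present inside the tree; those have to be handled separately when the joined path is actually opened.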