TCP_CVS double free exploit attempt response
Code:
p532
Severity: Notice
Description: CVS is the Concurrent Versions System, commonly used to
help manage software development. A remote attacker can exploit a
double free bug in the cvs daemon to execute code, cause a denial of
service, compromise code stored in CVS and read sensitive information.
This signature fires on the server's response to such an exploit attempt.
Impact:
Possible theft of data and control of the targeted machine, leading to a
compromise of all resources on the machine. Software development could
be halted, code could be lost or stolen, and the code auditing required
after the fact could delay delivery of software.
Corrective:
Disable the CVS daemon in the file /etc/inetd.conf.
Run the CVS daemon as a user other than root that does not have a valid
login to the machine.
Disable anonymous access to the cvs server.
Update the CVS software to the latest non-affected version.