CVE-2004-0180

Name of the Vulnerable Software and Affected Versions cvs versions prior to 1.11.14

Description The issue concerns multiple vulnerabilities in the cvs package that can lead to a breach of protected information. These vulnerabilities can be exploited remotely. A malicious CVS server can create arbitrary files on a client's system using certain RCS diff files with absolute pathnames during checkouts or updates.

Recommendations For versions prior to 1.11.14, update to version 1.11.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the cvs package until a patch is available. Avoid using the cvs package for remote operations until the issue is resolved.