centos 6
shell weakness #3

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

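This causes a new program to execute and is difficult to use safely: the command string is handed to the shell, so which program actually runs depends on the process environment (for example `PATH`), and any externally supplied data placed in the string would be interpreted by the shell.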

File Name:

cvsps-2.2b1/cap.c

Context:

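The highlighted line of code below, the `popen("cvs version 2>/dev/null", "r")` call in `get_version_external()`, is the trigger point of this particular CentOS 6 shell weakness. The command string here is a fixed literal, so the exposure is in how the shell resolves `cvs`, not in argument injection.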

 		  "and/or server version:\n[%s]\n"
		  "are too old to properly support the rlog command. \n"
		  "This command was introduced in 1.11.1.  Cvsps\n"
		  "will use log instead, but PatchSet numbering\n"
		  "may become unstable due to pruned empty\n"
		  "directories.\n", client_version, server_version);
	}
	break;
		  
    default:
	debug(DEBUG_APPERROR, "unknown cvs capability check %d", cap);
	exit(1);
    }

    return ret;
}

static void get_version_external()
{
    FILE * cvsfp;
    
    strcpy(client_version, "(UNKNOWN CLIENT)");
    strcpy(server_version, "(UNKNOWN SERVER)");

    if (!(cvsfp = popen("cvs version 2>/dev/null", "r")))
    {
	debug(DEBUG_APPERROR, "cannot popen cvs version. exiting");
	exit(1);
    }
    
    if (!fgets(client_version, BUFSIZ, cvsfp))
    {
	debug(DEBUG_APPMSG1, "WARNING: malformed CVS version: no data");
	goto out;
    }
    
    chop(client_version);
    
    if (strncmp(client_version, "Client", 6) == 0)
    {
	if (!fgets(server_version, BUFSIZ, cvsfp))
	{
	    debug(DEBUG_APPMSG1, "WARNING: malformed CVS version: no server data");
	    goto out;
	}
	chop(server_version);
    }
    else
    {
	server_version[0] = 0; 
