Sourcefire, Inc. has discovered a vulnerability in shiela, an open source access control and logging tool for the Concurrent Versions System (CVS). The Sourcefire Vulnerability Research Team (VRT) found a flaw in the command execution routines of Open Source Software Project (OSSP) shiela in versions up to and including 1.1.5. It affects any CVS server on which OSSP shiela is enabled.
Sourcefire's VRT is chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team uses protocol modelling to write rules that detect worms and malicious scripts exploiting the underlying vulnerabilities. In this case, Sourcefire 3D System and Snort users were provided with an analysis of the vulnerability in advance of any known exploit, together with confirmation that OSSP shiela 1.1.7, released on July 25, 2006, addresses it. OSSP shiela users are encouraged to upgrade to version 1.1.7.
The flaw is a shell command insertion: data that reaches shiela's command execution routines is passed to a shell without being sanitised, so shell metacharacters in it are interpreted as shell syntax. In the worst case this allows remote execution of arbitrary commands and full compromise of the affected host. Two groups of users are exposed. A user who is able to commit files to a repository with OSSP shiela enabled can execute arbitrary commands on the CVS server as the identity under which that user's commit is processed. If the repository is additionally reachable via pserver, users who hold only a repository-specific password (and may have no shell account on the server at all) can execute arbitrary commands as the real system identity that the CVS password file maps their login to.
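The pattern behind this class of bug, as an added illustration (this is not OSSP shiela's code, which is Perl, and it makes no claim about which input shiela actually mishandled): a commit hook that splices a string the committer controls into a shell command line. The hook, the function names, and the choice of the committed file name as the injection vector are assumptions for the example; plain `echo` stands in for the logging command so the demonstration is harmless.

```python
"""Shell command insertion in a CVS-style commit hook (added example).

This models the bug class described in the advisory, not shiela itself.
Assumptions made here: the hook logs each committed file name, and a
committer can choose that name freely. `echo` stands in for the real
logging tool so that running this is harmless.
"""
import shlex
import subprocess

# Constructed sample input: a file name chosen by a malicious committer.
# Nothing in CVS stops a name like this from reaching a hook.
MALICIOUS_NAME = "hello.c; echo INJECTED"


def _run(argv):
    """Run argv without a shell and return its stdout as a list of lines."""
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return result.stdout.splitlines()


def log_commit_vulnerable(repo, filename):
    """Vulnerable: one interpolated string handed to /bin/sh.

    The ';' in MALICIOUS_NAME terminates the echo command and the rest
    of the name is executed as a second command. Anything the committer
    puts after the ';' runs as the user the hook runs as.
    """
    cmd = "echo commit %s %s" % (repo, filename)
    return _run(["sh", "-c", cmd])


def log_commit_hardened(repo, filename):
    """Fixed: argv form, no shell involved.

    The file name is delivered to the logger as a single argument and
    is never parsed as shell syntax, whatever characters it contains.
    """
    return _run(["echo", "commit", repo, filename])


def log_commit_quoted(repo, filename):
    """Alternative fix when a shell really is required.

    shlex.quote() wraps each value in single quotes (escaping any
    embedded quotes) so the shell treats it as one literal word.
    """
    cmd = "echo commit %s %s" % (shlex.quote(repo), shlex.quote(filename))
    return _run(["sh", "-c", cmd])


if __name__ == "__main__":
    # Hypothetical repository path, for illustration only.
    for fn in (log_commit_vulnerable, log_commit_hardened, log_commit_quoted):
        print(fn.__name__, "->", fn("/cvs", MALICIOUS_NAME))
```

The vulnerable variant prints two lines for the malicious name, the second being the output of the injected command; both fixed variants print one line in which the whole file name, semicolon included, is just data. Removing the shell from the call path (the argv form) is preferable to quoting, because quoting has to be applied correctly to every interpolated value on every call site, while the argv form cannot be bypassed.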
Related links:
www.snort.org/rules/docs/vrt/shiela.html
Taken from Information Security Bulletin.