Last Modified: Thursday, February 1, 2018
What is CVE?

CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration."

What is a "vulnerability"?

An information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network. See the Terminology page for a complete explanation of how this term is used on the CVE Web site.

Vulnerability or Exposure Note 7254 (CVE-2018-6461)

March Hare Software WINCVS Insecure Library Loading Vulnerability

Overview

March Hare Software WINCVS contains an Insecure Library Loading vulnerability or exposure in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.

I. Description

March Hare Software WINCVS provides scripting capabilities through the use of Python or TCL. The wincvs2.exe or wincvs.exe file contains a vulnerability or exposure in its use of a DLL name to load Python or TCL. This affects WINCVS on all Windows operating systems: WINCVS 1.0 and later (including all builds of 2.0, 2.02, 2.09, 2.1.1, 2.5.0x and 2.8.01 before build 6610); CVS Suite 2.5.01, CVS Suite 2.5.02, CVS Suite 2.5.03, CVS Suite 2008 and CVS Suite 2009 before build 6610.

Exploit code for this vulnerability or exposure has been tested by March Hare Software.

II. Impact

A non-privileged user may create a module (or add files to an existing module) with a specially crafted name to gain authenticated access to your PC with the same privileges as the currently logged-on user when WinCVS is opened in that directory. Specifically, when a user right-clicks the checked-out module and chooses 'Open in new instance' (or presses Ctrl+F2), the malicious DLL executes.
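
The following check is an added example, not part of the advisory or of March Hare's software: it walks checked-out CVS working directories and lists DLLs whose names match `python*.dll` or `tcl*.dll`, noting whether each one is recorded in `CVS/Entries` or is an untracked local file. The name patterns and function names are assumptions; the advisory does not give exact DLL names.

```python
import fnmatch
import os

# Assumed name patterns for the scripting DLLs; the advisory only says
# "python or tcl dll", so adjust these to the builds you actually deploy.
SUSPECT_PATTERNS = ("python*.dll", "tcl*.dll")


def read_entries(cvs_dir):
    """Return {lowercased filename: revision} parsed from a CVS/Entries file."""
    tracked = {}
    try:
        path = os.path.join(cvs_dir, "Entries")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                # File lines look like /name/revision/timestamp/options/tag;
                # directory lines start with "D" and are skipped.
                parts = line.rstrip("\n").split("/")
                if line.startswith("/") and len(parts) >= 3:
                    tracked[parts[1].lower()] = parts[2]
    except OSError:
        pass  # missing or unreadable Entries: treat every file as untracked
    return tracked


def find_suspect_dlls(root):
    """Return sorted (path, origin) pairs for suspect DLLs in CVS working dirs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if "CVS" not in dirnames:
            continue  # not a checked-out module directory
        tracked = read_entries(os.path.join(dirpath, "CVS"))
        dirnames.remove("CVS")  # do not descend into the admin directory
        for name in filenames:
            lower = name.lower()  # Windows file names are case-insensitive
            if any(fnmatch.fnmatchcase(lower, p) for p in SUSPECT_PATTERNS):
                if lower in tracked:
                    origin = f"tracked, revision {tracked[lower]}"
                else:
                    origin = "untracked local file"
                findings.append((os.path.join(dirpath, name), origin))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, origin in find_suspect_dlls(start):
        print(f"{path}\t{origin}")
```

Any hit inside a working copy deserves review before WinCVS is opened in that directory, since a legitimate module rarely needs to ship an interpreter DLL.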

III. Solution

Apply an update

This issue is addressed in CVS Suite 2009R2 Build 6610 (and higher), which modifies the way WinCVS handles loading DLLs to exclude the 'current directory' from the acceptable paths. Customers with an active software maintenance contract may download the update from the customer area of the march-hare.com web site.



Use Microsoft KB2264107 to mitigate this issue on affected systems

Microsoft has published KB2264107 about this issue and provided a hotfix and registry setting as a mitigation for this vulnerability or exposure.

Systems Affected

Vendor | Status | Date Notified | Date Updated
March Hare Software | Vulnerable | 2018-01-31

References


http://customer.march-hare.com/webtools/bugzilla/ttshow_bug.cgi?id=7254&tt=1
http://march-hare.com/cvspro/security.htm

Credit

This document was written by March Hare Software.
This vulnerability was discovered by hyp3rlinx / apparition security.

Other Information

Date Public: 2018-02-05
Date First Published: 2018-02-05
Date Last Updated: 2018-02-05
CERT Advisory: 
CVE-ID(s): CVE-2018-6461
NVD-ID(s): 
US-CERT Technical Alerts: 



Copyright © 2000. March Hare Pty Ltd
All rights reserved.