Rule:  --Sid:2318--Summary:This event is generated when an attempt is made to exploit a knownvulnerability in the Concurrent Versions System (CVS).--Impact:Serious. Manipulation of the host file system is possible.--Detailed Information:Concurrent Versions System (CVS) is used to track the history of sourcecode files when developing software.Some versions of CVS contain a vulnerability that may allow an attackerto create directories or files in the host filesystem external to thecvsroot. This is achieved via a malformed module request.--Affected Systems:	CVS versions prior to 1.11.10--Attack Scenarios:An attacker may send a specially crafted request to a cvs server andcreate files and directories of their choosing in the hosts rootfilesystem. The attacker may then access these files at will to furthercompromise the system.--Ease of Attack:Simple. No exploit software is required.--False Positives:None known.--False Negatives:If compression is being used in data communications between the CVSserver and clients, this rule will not generate an event.--Corrective Action:Apply the appropriate vendor supplied patches.Upgrade to the latest non-affected version of the software.--Contributors:Sourcefire Vulnerability Research TeamBrian Caswell <bmc@sourcefire.com>Nigel Houghton <nigel.houghton@sourcefire.com>-- Additional References:CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977--