Executive Summary
Summary | |
---|---|
Title | New cvs packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-742 | First vendor Publication | 2005-07-07 |
Vendor | Debian | Last vendor Modification | 2005-07-07 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Derek Price, the current maintainer of CVS, discovered a buffer overflow in the CVS server, that serves the popular Concurrent Versions System, which could lead to the execution of arbitrary code. For the old stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-12. For the stable distribution (sarge) this problem has been fixed in version 1.12.9-13. For the unstable distribution (sid) this problem has been fixed in version 1.12.9-13. We recommend that you upgrade your cvs package. |
Original Source
Url : http://www.debian.org/security/2005/dsa-742 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9688 | |||
Oval ID: | oval:org.mitre.oval:def:9688 | ||
Title: | Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. | ||
Description: | Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0753 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200504-16 (CVS) File : nvt/glsa_200504_16.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:05.cvs.asc) File : nvt/freebsdsa_cvs3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 742-1 (cvs) File : nvt/deb_742_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-111-01 CVS File : nvt/esoft_slk_ssa_2005_111_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
15671 | CVS Unspecified NULL Pointer Dereference DoS |
15670 | CVS Unspecified Remote Overflow An unspecified remote overflow exists in CVS. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. No further details have been provided. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CVS pserver annotate revision overflow attempt RuleID : 3652 - Revision : 6 - Type : SERVER-OTHER |
2014-01-10 | CVS rsh annotate revision overflow attempt RuleID : 3651 - Revision : 6 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-387.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-117-1.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-330.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-111-01.nasl - Type : ACT_GATHER_INFO |
2005-07-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-742.nasl - Type : ACT_GATHER_INFO |
2005-04-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-387.nasl - Type : ACT_GATHER_INFO |
2005-04-21 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-073.nasl - Type : ACT_GATHER_INFO |
2005-04-20 | Name : The remote version control service has multiple vulnerabilities. File : cvs_unspecified_vuln.nasl - Type : ACT_GATHER_INFO |
2005-04-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200504-16.nasl - Type : ACT_GATHER_INFO |
2005-04-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_024.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:34:06 |
|