Executive Summary
Summary | |
---|---|
Title | Updated cvs package fixes security issues |
Information | |||
---|---|---|---|
Name | RHSA-2004:233 | First vendor Publication | 2004-06-09 |
Vendor | RedHat | Last vendor Modification | 2004-06-09 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description: |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-233.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1001 | |||
Oval ID: | oval:org.mitre.oval:def:1001 | ||
Title: | Integer overflow in the "Max-dotdot" CVS protocol command | ||
Description: | Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0417 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | CVS |
Definition Id: oval:org.mitre.oval:def:1003 | |||
Oval ID: | oval:org.mitre.oval:def:1003 | ||
Title: | CVS serve_notify Improper Handling of Empty Data Lines | ||
Description: | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0418 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | CVS |
Definition Id: oval:org.mitre.oval:def:10070 | |||
Oval ID: | oval:org.mitre.oval:def:10070 | ||
Title: | Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | ||
Description: | Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0416 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10575 | |||
Oval ID: | oval:org.mitre.oval:def:10575 | ||
Title: | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | ||
Description: | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0414 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11145 | |||
Oval ID: | oval:org.mitre.oval:def:11145 | ||
Title: | Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. | ||
Description: | Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0417 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11242 | |||
Oval ID: | oval:org.mitre.oval:def:11242 | ||
Title: | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. | ||
Description: | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0418 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:993 | |||
Oval ID: | oval:org.mitre.oval:def:993 | ||
Title: | CVS Improper Handling of Malformed Entry Lines | ||
Description: | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0414 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | CVS |
Definition Id: oval:org.mitre.oval:def:994 | |||
Oval ID: | oval:org.mitre.oval:def:994 | ||
Title: | CVS error_prog_name Double-free Vulnerability | ||
Description: | Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0416 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | CVS |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-06 (CVS) File : nvt/glsa_200406_06.nasl |
2008-09-04 | Name : FreeBSD Ports: cvs+ipv6 File : nvt/freebsd_cvs+ipv6.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-04:14.cvs.asc) File : nvt/freebsdsa_cvs2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 517-1 (cvs) File : nvt/deb_517_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 519-1 (cvs) File : nvt/deb_519_1.nasl |
2005-11-03 | Name : CVS malformed entry lines flaw File : nvt/cvs_malformed_entry_lines_flaw.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-161-01 cvs File : nvt/esoft_slk_ssa_2004_161_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
6836 | CVS CVSROOT Configuration File Empty Line Underflow: A local overflow exists in CVS stable and CVS feature. CVS fails to adequately handle configuration files stored in CVSROOT containing empty lines, resulting in a single byte underflow. By providing such a formatted configuration file, an attacker can trigger the issue, resulting in a loss of availability and possibly other effects. It should be noted that only users with the COMMIT privilege can properly exploit this issue. It is further reported that only big-endian architectures (e.g., SPARC, as opposed to Intel) should be affected adversely by this problem. |
6835 | CVS serve_notify Out-of-Bounds Arbitrary Code Execution |
6834 | CVS serve_notify Overflow Command Execution: A remote overflow exists in Concurrent Versions System. CVS fails to handle an empty data line input, resulting in a potential single byte overflow. With a specially crafted request, an attacker can cause the execution of the supplied code, resulting in a loss of confidentiality, integrity, and/or availability. Since the CVS system is used to version control source code, these flaws put the source code in the repository at risk of being changed. This could lead to future exploits of any software that was checked into the system. These problems were discovered after a system compromise. The subsequent CVS code audit discovered several issues. This should be considered a critical issue and any source code located on public CVS servers should be verified to be correct. |
6833 | CVS Argumentx Arbitrary Command Execution: CVS (Concurrent Versions System) contains a flaw that may allow a malicious user to execute code remotely. The issue is triggered when an Argumentx command is issued; this command is used to add more data to a previously stored argument, which is freed on client exit without checking if this list is already empty. This flaw, known as a double free, allows remote code execution, resulting in a loss of integrity. |
6832 | CVS Max-dotdot Overflow DoS |
6831 | CVS error_prog_name Double-Free Command Execution |
6830 | CVS Entry Line Null Termination DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CVS Max-dotdot integer overflow attempt RuleID : 2583-community - Revision : 9 - Type : SERVER-OTHER |
2014-01-10 | CVS Max-dotdot integer overflow attempt RuleID : 2583 - Revision : 9 - Type : SERVER-OTHER |
2014-01-10 | CVS Argumentx command double free attempt RuleID : 15971 - Revision : 5 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d2102505f03d11d881b0000347a4fa7d.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-161-01.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-517.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-519.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200406-06.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-058.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_015.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-169.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-170.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-233.nasl - Type : ACT_GATHER_INFO |
2004-06-09 | Name : The remote CVS server is affected by multiple issues. File : cvs_malformed_entry_lines_flaw.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:48:30 |