Executive Summary

Summary
Title cvs security update
Informations
Name RHSA-2010:0918 First vendor Publication 2010-11-29
Vendor RedHat Last vendor Modification 2010-11-29
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated cvs package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Concurrent Version System (CVS) is a version control system that can record the history of your files.

An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS (Revision Control System file) format. If an attacker in control of a CVS repository stored a specially-crafted RCS file in that repository, and then tricked a remote victim into checking out (updating their CVS repository tree) a revision containing that file, it could lead to arbitrary code execution with the privileges of the CVS server process on the system hosting the CVS repository. (CVE-2010-3846)

Red Hat would like to thank Ralph Loader for reporting this issue.

All users of cvs are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

642146 - CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0918.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22163
 
Oval ID: oval:org.mitre.oval:def:22163
Title: RHSA-2010:0918: cvs security update (Moderate)
Description: Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
Family: unix Class: patch
Reference(s): RHSA-2010:0918-01
CVE-2010-3846
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
 Product(s): cvs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23549
 
Oval ID: oval:org.mitre.oval:def:23549
Title: ELSA-2010:0918: cvs security update (Moderate)
Description: Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
Family: unix Class: patch
Reference(s): ELSA-2010:0918-01
CVE-2010-3846
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): cvs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28042
 
Oval ID: oval:org.mitre.oval:def:28042
Title: DEPRECATED: ELSA-2010-0918 -- cvs security update (moderate)
Description: [1.11.23-11.el6_0.1] - Fix CVE-2010-3846 (Resolves: #644813)
Family: unix Class: patch
Reference(s): ELSA-2010-0918
CVE-2010-3846
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): cvs
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2010-12-02 Name : Fedora Update for cvs FEDORA-2010-16721
File : nvt/gb_fedora_2010_16721_cvs_fc14.nasl
2010-11-16 Name : Fedora Update for cvs FEDORA-2010-16599
File : nvt/gb_fedora_2010_16599_cvs_fc12.nasl
2010-11-04 Name : Fedora Update for cvs FEDORA-2010-16600
File : nvt/gb_fedora_2010_16600_cvs_fc13.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68952 CVS ccvs/src/rcs.c apply_rcs_change() Delta Fragment Overflow

CVS is prone to an overflow condition. The 'apply_rcs_change()' function in 'ccvs/src/rcs.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted RC5 file, a context-dependent attacker can potentially gain elevated privileges.

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0918.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20101129_cvs_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2010-11-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0918.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16721.nasl - Type : ACT_GATHER_INFO
2010-11-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16599.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16600.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:54:06
  • Multiple Updates