oval:org.mitre.oval:def:1003

Definition Id: oval:org.mitre.oval:def:1003

Oval ID:	oval:org.mitre.oval:def:1003
Title:	CVS serve_notify Improper Handling of Empty Data Lines
Description:	serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0418	Version:	1
Platform(s):	Red Hat Enterprise Linux 3	Product(s):	CVS
Definition Synopsis:
Software section Red Hat Enterprise 3 is installed AND cvs rpm version prior to 1.11.2-24 is installed AND Configuration section /usr/bin/cvs is executable /usr/bin/cvs is executable AND /usr/bin/cvs is executable AND /usr/bin/cvs is executable