Vulnerabilities > CVE-2003-0015 - Double Free vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, freebsd, cvs, CWE-415, nessus, exploit available

Summary

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Common Weakness Enumeration (CWE)

Exploit-Db

description: CVS 1.11.x Directory Request Double Free Heap Corruption Vulnerability. CVE-2003-0015. Remote exploit for linux platform
id: EDB-ID:22187
last seen: 2016-02-02
modified: 2003-01-20
published: 2003-01-20
reporter: Stefan Esser
source: https://www.exploit-db.com/download/22187/
title: CVS 1.11.x - Directory Request Double Free Heap Corruption Vulnerability

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-233.NASL
    description: Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects. The current version contains a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as. Anonymous read-only access is sufficient to exploit this problem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15070
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15070
    title: Debian DSA-233-1 : cvs - doubly freed memory
  • NASL family: Misc.
    NASL id: CVS_DOUBLE_FREE.NASL
    description: According to its version number, the CVS server running on the remote host has a double free bug, which could allow a malicious user to elevate their privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11385
    published: 2003-03-14
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11385
    title: CVS Malformed Directory Request Double-free Privilege Escalation
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-009.NASL
    description: Two vulnerabilities were discovered by Stefan Esser in the cvs program. The first is an exploitable double free() bug within the server, which can be used to execute arbitrary code on the CVS server. To accomplish this, the attacker must have an anonymous read-only login to the CVS server. The second vulnerability is with the Checkin-prog and Update-prog commands. If a client has write permission, he can use these commands to execute programs outside of the scope of CVS, the output of which will be sent as output to the client. This update fixes the double free() vulnerability and removes the Checkin-prog and Update-prog commands from CVS.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13994
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13994
    title: Mandrake Linux Security Advisory : cvs (MDKSA-2003:009)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2003-013.NASL
    description: Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1. CVS is a version control system frequently used to manage source code repositories. During an audit of the CVS sources, Stefan Esser discovered an exploitable double-free bug in the CVS server. On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. All users of CVS are advised to upgrade to these packages which contain patches to correct the double-free bug. Our thanks go to Stefan Esser of e-matters for reporting this issue to us.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12351
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12351
    title: RHEL 2.1 : cvs (RHSA-2003:013)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2003_0007.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2003:0007 (cvs). CVS (Concurrent Versions System) is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13772
    published: 2004-07-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13772
    title: SUSE-SA:2003:0007: cvs
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_18708.NASL
    description: New cvs packages are available to fix a security vulnerability.
    last seen: 2016-09-26
    modified: 2011-05-28
    plugin id: 18708
    published: 2005-07-13
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=18708
    title: SSA-18708 New CVS packages available

Redhat

advisories
  • rhsa
    id: RHSA-2003:012
  • rhsa
    id: RHSA-2003:013