Vulnerabilities > CVE-2003-0015 - Double Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 5 | |
| Application | 8 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | CVS 1.11.x Directory Request Double Free Heap Corruption Vulnerability. CVE-2003-0015. Remote exploit for linux platform |
| id | EDB-ID:22187 |
| last seen | 2016-02-02 |
| modified | 2003-01-20 |
| published | 2003-01-20 |
| reporter | Stefan Esser |
| source | https://www.exploit-db.com/download/22187/ |
| title | CVS 1.11.x - Directory Request Double Free Heap Corruption Vulnerability |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-233.NASL description Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects. The current version contains a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as. Anonymous read-only access is sufficient to exploit this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 15070 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15070 title Debian DSA-233-1 : cvs - doubly freed memory NASL family Misc. NASL id CVS_DOUBLE_FREE.NASL description According to its version number, the CVS server running on the remote host has a double free bug, which could allow a malicious user to elevate their privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 11385 published 2003-03-14 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11385 title CVS Malformed Directory Request Double-free Privilege Escalation NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-009.NASL description Two vulnerabilities were discoverd by Stefen Esser in the cvs program. The first is an exploitable double free() bug within the server, which can be used to execute arbitrary code on the CVS server. To accomplish this, the attacker must have an anonymous read-only login to the CVS server. The second vulnerability is with the Checkin-prog and Update-prog commands. If a client has write permission, he can use these commands to execute programs outside of the scope of CVS, the output of which will be sent as output to the client. This update fixes the double free() vulnerability and removes the Checkin-prog and Update-prog commands from CVS. last seen 2020-06-01 modified 2020-06-02 plugin id 13994 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13994 title Mandrake Linux Security Advisory : cvs (MDKSA-2003:009) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-013.NASL description Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 CVS is a version control system frequently used to manage source code repositories. During an audit of the CVS sources, Stefan Esser discovered an exploitable double-free bug in the CVS server. On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. All users of CVS are advised to upgrade to these packages which contain patches to correct the double-free bug. Our thanks go to Stefan Esser of e-matters for reporting this issue to us. last seen 2020-06-01 modified 2020-06-02 plugin id 12351 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12351 title RHEL 2.1 : cvs (RHSA-2003:013) NASL family SuSE Local Security Checks NASL id SUSE_SA_2003_0007.NASL description The remote host is missing the patch for the advisory SUSE-SA:2003:0007 (cvs). CVS (Concurrent Versions System) is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a last seen 2020-06-01 modified 2020-06-02 plugin id 13772 published 2004-07-25 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13772 title SUSE-SA:2003:0007: cvs NASL family Slackware Local Security Checks NASL id SLACKWARE_18708.NASL description New cvs packages are available to fix a security vulnerability. last seen 2016-09-26 modified 2011-05-28 plugin id 18708 published 2005-07-13 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=18708 title SSA-18708 New CVS packages available
Redhat
| advisories |
|
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
- http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
- http://marc.info/?l=bugtraq&m=104333092200589&w=2
- http://marc.info/?l=bugtraq&m=104342550612736&w=2
- http://marc.info/?l=bugtraq&m=104428571204468&w=2
- http://marc.info/?l=bugtraq&m=104438807203491&w=2
- http://rhn.redhat.com/errata/RHSA-2003-013.html
- http://security.e-matters.de/advisories/012003.html
- http://www.cert.org/advisories/CA-2003-02.html
- http://www.ciac.org/ciac/bulletins/n-032.shtml
- http://www.debian.org/security/2003/dsa-233
- http://www.kb.cert.org/vuls/id/650937
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
- http://www.redhat.com/support/errata/RHSA-2003-012.html
- http://www.securityfocus.com/bid/6650
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11108