CVE-2004-0396 - Heap Overflow vulnerability in CVS Malformed Entry Modified and Unchanged Flag Insertion
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
Exploit-Db
- description: CVS Remote Entry Line Heap Overflow Root Exploit (Linux/FreeBSD). CVE-2004-0396. Remote exploits for multiple platform
- id: EDB-ID:300
- last seen: 2016-01-31
- modified: 2004-06-25
- published: 2004-06-25
- reporter: Ac1dB1tCh3z
- source: https://www.exploit-db.com/download/300/
- title: CVS Remote Entry Line Heap Overflow Root Exploit Linux/FreeBSD

- description: CVS Remote Entry Line Root Heap Overflow Exploit. CVE-2004-0396. Remote exploit for solaris platform
- id: EDB-ID:301
- last seen: 2016-01-31
- modified: 2004-06-25
- published: 2004-06-25
- reporter: N/A
- source: https://www.exploit-db.com/download/301/
- title: CVS Remote Entry Line Root Heap Overflow Exploit
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-131.NASL
- description: Stefan Esser discovered a flaw in cvs where malformed
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13706
- published: 2004-07-23
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13706
- title: Fedora Core 2 : cvs-1.11.15-6 (2004-131)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-190.NASL
- description: An updated cvs package that fixes a server vulnerability that could be exploited by a malicious client is now available. CVS is a version control system frequently used to manage source code repositories. Stefan Esser discovered a flaw in cvs where malformed
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12495
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12495
- title: RHEL 2.1 / 3 : cvs (RHSA-2004:190)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2004-126.NASL
- description: Stefan Esser discovered a flaw in cvs where malformed
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13701
- published: 2004-07-23
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13701
- title: Fedora Core 1 : cvs-1.11.15-5 (2004-126)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-505.NASL
- description: Stefan Esser discovered a heap overflow in the CVS server, which serves the popular Concurrent Versions System. Malformed
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15342
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15342
- title: Debian DSA-505-1 : cvs - heap overflow

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-048.NASL
- description: Stefan Esser discovered that malformed
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14147
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14147
- title: Mandrake Linux Security Advisory : cvs (MDKSA-2004:048)

- NASL family: Misc.
- NASL id: CVS_PSERVER_HEAP_OVERFLOW.NASL
- description: According to its version number, the remote CVS server has a heap-based buffer overflow vulnerability. A remote attacker could exploit this to crash the service, or possibly execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12240
- published: 2004-05-19
- reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/12240
- title: CVS pserver Line Entry Handling Overflow

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_CVS_HEAP_OVERFLOW.NASL
- description: The remote host is running a version of FreeBSD which contains a heap overflow in the cvs pserver code. This flaw may be used by an attacker to execute arbitrary code on the remote host, provided that it
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12530
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/12530
- title: FreeBSD : SA-04:10.cvs

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2004-140-01.NASL
- description: New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18763
- published: 2005-07-13
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/18763
- title: Slackware 8.1 / 9.0 / 9.1 / current : cvs (SSA:2004-140-01)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200405-12.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200405-12 (CVS heap overflow vulnerability) Stefan Esser discovered a heap overflow in the CVS server, which can be triggered by sending malicious
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14498
- published: 2004-08-30
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14498
- title: GLSA-200405-12 : CVS heap overflow vulnerability

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SA_2004_013.NASL
- description: The remote host is missing the patch for the advisory SuSE-SA:2004:013 (cvs). The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Stefan Esser reported buffer overflow conditions within the cvs program. They allow remote attackers to execute arbitrary code as the user the cvs server runs as. Since there is no easy workaround we strongly recommend to update the cvs package. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13830
- published: 2004-07-25
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13830
- title: SuSE-SA:2004:013: cvs
Oval
- accepted: 2013-04-29T04:18:11.312-04:00
- class: vulnerability
- contributors:
  - name: Aharon Chernin, organization: SCAP.com, LLC
  - name: Dragos Prisaca, organization: G2, Inc.
- definition_extensions:
  - comment: The operating system installed on the system is Red Hat Enterprise Linux 3, oval: oval:org.mitre.oval:def:11782
  - comment: CentOS Linux 3.x, oval: oval:org.mitre.oval:def:16651
- description: Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
- family: unix
- id: oval:org.mitre.oval:def:9058
- status: accepted
- submitted: 2010-07-09T03:56:16-04:00
- title: Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
- version: 26

- accepted: 2007-04-25T19:53:11.394-04:00
- class: vulnerability
- contributors:
  - name: Jay Beale, organization: Bastille Linux
  - name: Thomas R. Jones, organization: Maitreya Security
- description: Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
- family: unix
- id: oval:org.mitre.oval:def:970
- status: accepted
- submitted: 2004-05-20T12:00:00.000-04:00
- title: CVS pserver BO
- version: 38
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
- ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
- http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
- http://marc.info/?l=bugtraq&m=108498454829020&w=2
- http://marc.info/?l=bugtraq&m=108500040719512&w=2
- http://marc.info/?l=bugtraq&m=108636445031613&w=2
- http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
- http://secunia.com/advisories/11641
- http://secunia.com/advisories/11647
- http://secunia.com/advisories/11651
- http://secunia.com/advisories/11652
- http://secunia.com/advisories/11674
- http://security.e-matters.de/advisories/072004.html
- http://security.gentoo.org/glsa/glsa-200405-12.xml
- http://www.ciac.org/ciac/bulletins/o-147.shtml
- http://www.debian.org/security/2004/dsa-505
- http://www.kb.cert.org/vuls/id/192038
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
- http://www.osvdb.org/6305
- http://www.redhat.com/support/errata/RHSA-2004-190.html
- http://www.securityfocus.com/bid/10384
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
- http://www.us-cert.gov/cas/techalerts/TA04-147A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970