Vulnerabilities > CVE-2004-0416 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
cvs
openpkg
sgi
gentoo
openbsd
CWE-119
critical
nessus
exploit available

Summary

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

descriptionRemote CVS. CVE-2004-0416. Remote exploit for linux platform
idEDB-ID:392
last seen2016-01-31
modified2004-08-13
published2004-08-13
reporterGyan Chawdhary
sourcehttps://www.exploit-db.com/download/392/
titleRemote CVS <= 1.11.15 error_prog_name Remote Exploit

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2004_015.NASL
    descriptionThe remote host is missing the patch for the advisory SuSE-SA:2004:015 (cvs). The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Various remotely exploitable conditions have been found during a source code review of CVS done by Stefan Esser and Sebastian Krahmer (SuSE Security-Team). These bugs allow remote attackers to execute arbitrary code as the user the CVS server runs as. Since there is no easy workaround we strongly recommend to update the cvs package. The update packages fix vulnerabilities which have been assigned the CAN numbers CVE-2004-0416, CVE-2004-0417 and CVE-2004-0418. The cvs packages shipped by SUSE (as well as our recent updates for CVS) are not vulnerable to CVE-2004-0414. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command
    last seen2020-06-01
    modified2020-06-02
    plugin id13831
    published2004-07-25
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13831
    titleSuSE-SA:2004:015: cvs
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SuSE-SA:2004:015
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(13831);
     script_version ("1.16");
     script_cve_id("CVE-2004-0416", "CVE-2004-0417", "CVE-2004-0418");
     
     name["english"] = "SuSE-SA:2004:015: cvs";
     
    
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SuSE-SA:2004:015 (cvs).
    
    
    The Concurrent Versions System (CVS) offers tools which allow developers
    to share and maintain large software projects.
    Various remotely exploitable conditions have been found during a
    source code review of CVS done by Stefan Esser and Sebastian Krahmer
    (SuSE Security-Team).
    These bugs allow remote attackers to execute arbitrary code as the user
    the CVS server runs as. Since there is no easy workaround we strongly
    recommend to update the cvs package.
    The update packages fix vulnerabilities which have been assigned the
    CAN numbers CVE-2004-0416, CVE-2004-0417 and CVE-2004-0418.
    The cvs packages shipped by SUSE (as well as our recent updates for CVS)
    are not vulnerable to CVE-2004-0414.
    
    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command 'rpm -Fhv file.rpm' to apply
    the update." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2004_15_cvs.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
     script_cwe_id(119);
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
     script_cvs_date("Date: 2019/10/25 13:36:27");
    
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the cvs package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"cvs-1.11.1p1-332", release:"SUSE8.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cvs-1.11.1p1-332", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cvs-1.11.5-114", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cvs-1.11.6-83", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"cvs-1.11.14-24.6", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"cvs-", release:"SUSE8.0")
     || rpm_exists(rpm:"cvs-", release:"SUSE8.1")
     || rpm_exists(rpm:"cvs-", release:"SUSE8.2")
     || rpm_exists(rpm:"cvs-", release:"SUSE9.0")
     || rpm_exists(rpm:"cvs-", release:"SUSE9.1") )
    {
     set_kb_item(name:"CVE-2004-0416", value:TRUE);
     set_kb_item(name:"CVE-2004-0417", value:TRUE);
     set_kb_item(name:"CVE-2004-0418", value:TRUE);
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2004-161-01.NASL
    descriptionNew cvs packages that have been upgraded to cvs-1.11.17 are available for Slackware 8.1, 9.0, 9.1, and -current to fix various security issues. Sites running a CVS server should upgrade to the new CVS package right away.
    last seen2020-06-01
    modified2020-06-02
    plugin id18779
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18779
    titleSlackware 8.1 / 9.0 / 9.1 / current : cvs (SSA:2004-161-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2004-161-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18779);
      script_version("1.20");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2004-0414", "CVE-2004-0416", "CVE-2004-0417", "CVE-2004-0418");
      script_xref(name:"SSA", value:"2004-161-01");
    
      script_name(english:"Slackware 8.1 / 9.0 / 9.1 / current : cvs (SSA:2004-161-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New cvs packages that have been upgraded to cvs-1.11.17 are available
    for Slackware 8.1, 9.0, 9.1, and -current to fix various security
    issues. Sites running a CVS server should upgrade to the new CVS
    package right away."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.427370
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?898d2588"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cvs package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:cvs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/06/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"cvs", pkgver:"1.11.17", pkgarch:"i386", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"9.0", pkgname:"cvs", pkgver:"1.11.17", pkgarch:"i386", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"9.1", pkgname:"cvs", pkgver:"1.11.17", pkgarch:"i486", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"cvs", pkgver:"1.11.17", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idCVS_MALFORMED_ENTRY_LINES_FLAW.NASL
    descriptionThe remote CVS server, according to its version number, might allow an attacker to execute arbitrary commands on the remote system because of a flaw relating to malformed Entry lines which lead to a missing NULL terminator. Among the issues deemed likely to be exploitable were: - A double-free relating to the error_prog_name string. (CVE-2004-0416) - An argument integer overflow. (CVE-2004-0417) - Out-of-bounds writes in serv_notify. (CVE-2004-0418)
    last seen2020-06-01
    modified2020-06-02
    plugin id12265
    published2004-06-09
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/12265
    titleCVS < 1.11.17 / 1.12.9 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # Ref:
    #  Date: Wed, 9 Jun 2004 15:00:04 +0200
    #  From: Stefan Esser <[email protected]>
    #  To: [email protected], [email protected],
    #        [email protected], [email protected]
    #  Subject: Advisory 09/2004: More CVS remote vulnerabilities
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(12265);
     script_version("1.28");
    
     script_cve_id("CVE-2004-0414", "CVE-2004-0416", "CVE-2004-0417", "CVE-2004-0418", "CVE-2004-1471"); 
     script_bugtraq_id(10499);
     script_xref(name:"RHSA", value:"2004:233-017");
     
     script_name(english:"CVS < 1.11.17 / 1.12.9 Multiple Vulnerabilities");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote CVS server is affected by multiple issues." );
     script_set_attribute(attribute:"description", value:
    "The remote CVS server, according to its version number, might allow an
    attacker to execute arbitrary commands on the remote system because of
    a flaw relating to malformed Entry lines which lead to a missing NULL
    terminator. 
    
    Among the issues deemed likely to be exploitable were:
    
      - A double-free relating to the error_prog_name string. 
        (CVE-2004-0416)
    
      - An argument integer overflow. (CVE-2004-0417)
    
      - Out-of-bounds writes in serv_notify. (CVE-2004-0418)" );
     script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Jun/234" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to CVS 1.12.9 or 1.11.17." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
     script_cwe_id(119);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/06/09");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/06/09");
     script_cvs_date("Date: 2018/11/15 20:50:23");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();
    
     script_summary(english:"Logs into the remote CVS server and asks the version");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"Misc.");
     script_require_ports("Services/cvspserver", 2401);
     script_dependencies("find_service1.nasl", "cvs_pserver_heap_overflow.nasl");
     exit(0);
    }
    
    include('global_settings.inc');
    
    port = get_kb_item("Services/cvspserver");
    if(!port)port = 2401;
    if(!get_port_state(port))exit(0);
    version =  get_kb_item(string("cvs/", port, "/version"));
    if ( ! version ) exit(0);
    if(ereg(pattern:".* 1\.([0-9]\.|10\.|11\.([0-9][^0-9]|1[0-6])|12\.[0-8][^0-9]).*", string:version))
         	security_hole(port);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_CVS_11117.NASL
    descriptionThe following package needs to be updated: FreeBSD
    last seen2016-09-26
    modified2011-10-02
    plugin id14282
    published2004-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=14282
    titleFreeBSD : cvs -- numerous vulnerabilities (29)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_CVS_NUMEROUS_VULNS.NASL
    descriptionThe remote host is running a version of FreeBSD which contains a version of the 'cvs' utility containing several issues : - An insufficient input validation while processing 'Entry' lines - A double-free issue - An integer overflow when processing 'Max-dotdot' commands - A format string bug when processing cvs wrappers - A single-byte buffer overflow when processing configuration files - Various other integers overflows
    last seen2016-09-26
    modified2011-10-02
    plugin id14812
    published2004-09-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=14812
    titleFreeBSD : SA-04:14.cvs
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-169.NASL
    descriptionWhile investigating a previously fixed vulnerability, Derek Price discovered a flaw relating to malformed
    last seen2020-06-01
    modified2020-06-02
    plugin id13723
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13723
    titleFedora Core 1 : cvs-1.11.17-1 (2004-169)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-170.NASL
    descriptionWhile investigating a previously fixed vulnerability, Derek Price discovered a flaw relating to malformed
    last seen2020-06-01
    modified2020-06-02
    plugin id13724
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13724
    titleFedora Core 2 : cvs-1.11.17-2 (2004-170)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-519.NASL
    descriptionSebastian Krahmer and Stefan Esser discovered several vulnerabilities in the CVS server, which serves the popular Concurrent Versions System. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0416: double-free() in error_prog_name - CAN-2004-0417: argument integer overflow - CAN-2004-0418: out of bound writes in serve_notify()
    last seen2020-06-01
    modified2020-06-02
    plugin id15356
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15356
    titleDebian DSA-519-1 : cvs - several vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D2102505F03D11D881B0000347A4FA7D.NASL
    descriptionA number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price. - Insufficient input validation while processing
    last seen2020-06-01
    modified2020-06-02
    plugin id37427
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37427
    titleFreeBSD : cvs -- numerous vulnerabilities (d2102505-f03d-11d8-81b0-000347a4fa7d)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200406-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200406-06 (CVS: additional DoS and arbitrary code execution vulnerabilities) A team audit of the CVS source code performed by Stefan Esser and Sebastian Krahmer resulted in the discovery of several remotely exploitable vulnerabilities including: no-null-termination of
    last seen2020-06-01
    modified2020-06-02
    plugin id14517
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14517
    titleGLSA-200406-06 : CVS: additional DoS and arbitrary code execution vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-233.NASL
    descriptionAn updated cvs package that fixes several server vulnerabilities, which could be exploited by a malicious client, is now available. CVS is a version control system frequently used to manage source code repositories. While investigating a previously fixed vulnerability, Derek Price discovered a flaw relating to malformed
    last seen2020-06-01
    modified2020-06-02
    plugin id12500
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12500
    titleRHEL 2.1 / 3 : cvs (RHSA-2004:233)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-517.NASL
    descriptionDerek Robert Price discovered a potential buffer overflow vulnerability in the CVS server, based on a malformed Entry, which serves the popular Concurrent Versions System.
    last seen2020-06-01
    modified2020-06-02
    plugin id15354
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15354
    titleDebian DSA-517-1 : cvs - buffer overflow
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-058.NASL
    descriptionAnother vulnerability was discovered related to
    last seen2020-06-01
    modified2020-06-02
    plugin id14157
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14157
    titleMandrake Linux Security Advisory : cvs (MDKSA-2004:058)

Oval

  • accepted2013-04-29T04:01:11.841-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    descriptionDouble free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
    familyunix
    idoval:org.mitre.oval:def:10070
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleDouble free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
    version27
  • accepted2004-08-04T12:00:00.000-04:00
    classvulnerability
    contributors
    nameJay Beale
    organizationBastille Linux
    descriptionDouble free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
    familyunix
    idoval:org.mitre.oval:def:994
    statusaccepted
    submitted2004-06-29T12:00:00.000-04:00
    titleCVS error_prog_name Double-free Vulnerability
    version4

Redhat

advisories
rhsa
idRHSA-2004:233
rpms
  • cvs-0:1.11.2-24
  • cvs-debuginfo-0:1.11.2-24