CVE-2004-1471 - Multiple vulnerabilities in CVS
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | SINGLE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. Failed exploit attempts will likely cause a denial of service condition.
Vulnerable Configurations
Exploit-Db
description | CVS 1.11.x Multiple Vulnerabilities. CVE-2004-1471. Local exploit for linux platform |
id | EDB-ID:24182 |
last seen | 2016-02-02 |
modified | 2004-06-09 |
published | 2004-06-09 |
reporter | Gyan Chawdhary |
source | https://www.exploit-db.com/download/24182/ |
title | CVS 1.11.x - Multiple Vulnerabilities |
Nessus
NASL family | Misc. |
NASL id | CVS_MALFORMED_ENTRY_LINES_FLAW.NASL |
description | The remote CVS server, according to its version number, might allow an attacker to execute arbitrary commands on the remote system because of a flaw relating to malformed Entry lines which lead to a missing NULL terminator. Among the issues deemed likely to be exploitable were: - A double-free relating to the error_prog_name string. (CVE-2004-0416) - An argument integer overflow. (CVE-2004-0417) - Out-of-bounds writes in serv_notify. (CVE-2004-0418) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12265 |
published | 2004-06-09 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/12265 |
title | CVS < 1.11.17 / 1.12.9 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # Ref:
    #  Date: Wed, 9 Jun 2004 15:00:04 +0200
    #  From: Stefan Esser <[email protected]>
    #  To: [email protected], [email protected],
    #      [email protected], [email protected]
    #  Subject: Advisory 09/2004: More CVS remote vulnerabilities
    #

    include("compat.inc");

    if (description)
    {
      script_id(12265);
      script_version("1.28");

      script_cve_id("CVE-2004-0414", "CVE-2004-0416", "CVE-2004-0417", "CVE-2004-0418", "CVE-2004-1471");
      script_bugtraq_id(10499);
      script_xref(name:"RHSA", value:"2004:233-017");

      script_name(english:"CVS < 1.11.17 / 1.12.9 Multiple Vulnerabilities");

      script_set_attribute(attribute:"synopsis", value:
    "The remote CVS server is affected by multiple issues." );
      script_set_attribute(attribute:"description", value:
    "The remote CVS server, according to its version number, might allow an
    attacker to execute arbitrary commands on the remote system because of
    a flaw relating to malformed Entry lines which lead to a missing NULL
    terminator.

    Among the issues deemed likely to be exploitable were:

    - A double-free relating to the error_prog_name string.
      (CVE-2004-0416)

    - An argument integer overflow. (CVE-2004-0417)

    - Out-of-bounds writes in serv_notify. (CVE-2004-0418)" );
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Jun/234" );
      script_set_attribute(attribute:"solution", value:
    "Upgrade to CVS 1.12.9 or 1.11.17." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(119);

      script_set_attribute(attribute:"plugin_publication_date", value: "2004/06/09");
      script_set_attribute(attribute:"vuln_publication_date", value: "2004/06/09");
      script_cvs_date("Date: 2018/11/15 20:50:23");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      script_summary(english:"Logs into the remote CVS server and asks the version");
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
      script_family(english:"Misc.");
      script_require_ports("Services/cvspserver", 2401);
      script_dependencies("find_service1.nasl", "cvs_pserver_heap_overflow.nasl");
      exit(0);
    }

    include('global_settings.inc');

    # Use the detected pserver port, falling back to the default 2401.
    port = get_kb_item("Services/cvspserver");
    if(!port)port = 2401;
    if(!get_port_state(port))exit(0);

    # The version string is read from the knowledge base; the check is banner-based only.
    version = get_kb_item(string("cvs/", port, "/version"));
    if ( ! version ) exit(0);

    # Matches 1.0.x through 1.10.x, 1.11.0 through 1.11.16 and 1.12.0 through 1.12.8.
    if(ereg(pattern:".* 1\.([0-9]\.|10\.|11\.([0-9][^0-9]|1[0-6])|12\.[0-8][^0-9]).*", string:version))
      security_hole(port);

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_CVS_11117.NASL |
description | The following package needs to be updated: FreeBSD |
last seen | 2016-09-26 |
modified | 2011-10-02 |
plugin id | 14282 |
published | 2004-08-17 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=14282 |
title | FreeBSD : cvs -- numerous vulnerabilities (29) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_CVS_NUMEROUS_VULNS.NASL |
description | The remote host is running a version of FreeBSD which contains a version of the 'cvs' utility containing several issues : - An insufficient input validation while processing 'Entry' lines - A double-free issue - An integer overflow when processing 'Max-dotdot' commands - A format string bug when processing cvs wrappers - A single-byte buffer overflow when processing configuration files - Various other integer overflows |
last seen | 2016-09-26 |
modified | 2011-10-02 |
plugin id | 14812 |
published | 2004-09-24 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=14812 |
title | FreeBSD : SA-04:14.cvs |