Family: Debian Local Security Checks --> Category: infos
[DSA505] DSA-505-1 cvs Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Stefan Esser discovered a heap overflow in the CVS server, which
serves the popular Concurrent Versions System. Malformed "Entry"
lines in combination with Is-modified and Unchanged can be used to
overflow malloc()ed memory. This was proven to be exploitable.
For the stable distribution (woody) this problem has been fixed in
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your cvs package immediately.
Solution : http://www.debian.org/security/2004/dsa-505
Threat Level: High