Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2004-190: cvs Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the cvs packages

Detailed Explanation for this Vulnerability Test

An updated cvs package that fixes a server vulnerability that could be
exploited by a malicious client is now available.

CVS is a version control system frequently used to manage source code

Stefan Esser discovered a flaw in cvs where malformed "Entry"
lines could cause a heap overflow. A possible hacker who has access to a CVS
server could use this flaw to execute arbitrary code under the UID which
the CVS server is executing. The Common Vulnerabilities and Exposures
project ( has assigned the name CVE-2004-0396 to this issue.

Users of CVS are advised to upgrade to this updated package, which contains
a backported patch correcting this issue.

Red Hat would like to thank Stefan Esser for notifying us of this issue and
Derek Price for providing an updated patch.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.