|
|
Family: General --> Category: infos
CVS malformed entry lines flaw Vulnerability Scan
Vulnerability Scan Summary
Logs into the remote CVS server and asks the version
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote CVS server is affected by multiple issues.
Description :
The remote CVS server, according to its version number, might allow an
attacker to execute arbitrary commands on the remote system because of
a flaw relating to malformed Entry lines which lead to a missing NULL
terminator.
Among the issues deemed likely to be exploitable were:
- a double-free relating to the error_prog_name string (CVE-2004-0416)
- an argument integer overflow (CVE-2004-0417)
- out-of-bounds writes in serv_notify (CVE-2004-0418)
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
Solution :
Upgrade to CVS 1.12.9 or 1.11.17
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
