SecurityTracker.com
Category:   Application (Generic)  >   CVS
Vendors:   GNU [multiple authors]
CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
SecurityTracker Alert ID:  1013759
SecurityTracker URL:  http://securitytracker.com/id/1013759
CVE Reference:   CVE-2005-0753
Date:  Apr 19 2005
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.11.20 (stable version); prior to 1.12.12 (feature version)
Description:   Several vulnerabilities were reported in Concurrent Versions System (CVS). A remote user may be able to execute arbitrary code or cause denial of service conditions.

A remote user may be able to trigger a buffer overflow and execute arbitrary code on the target system or cause the CVS service to crash [CVE: CVE-2005-0753]. Some memory allocation, memory leak, and NULL pointer errors also exist and may allow a remote user to cause denial of service conditions.

A remote authenticated user with commit privileges may be able to cause an improperly configured contributed Perl script to execute arbitrary code on the target system.

Alen Zukich reported the buffer overflow and Craig Monson reported the Perl script code execution vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system with the privileges of the CVS service.

A remote user may be able to cause the CVS service to crash.

Solution:   The vendor has released a fixed version (1.11.20 stable version; 1.12.12 feature version), available at:

https://ccvs.cvshome.org/servlets/ProjectDownloadList

Vendor URL:  ccvs.cvshome.org/servlets/NewsItemView?newsItemID=141
Cause:   Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 22 2005 (FreeBSD Issues Fix) CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
FreeBSD has released a fix.
Apr 26 2005 (Red Hat Issues Fix) CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
Red Hat has issued a fix.
Apr 29 2005 (OpenBSD Issues Fix) CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
OpenBSD has issued a fix.
Jun 8 2005 (OpenBSD Issues Fix) CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
OpenBSD has issued a fix.
Jun 22 2005 (OpenBSD Issues Fix) CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
OpenBSD has released a fix.



Copyright 2019, SecurityGlobal.net LLC