SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CVS
Vendors:   GNU [multiple authors]
(Red Hat Issues Fix) CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
SecurityTracker Alert ID:  1013819
SecurityTracker URL:  http://securitytracker.com/id/1013819
CVE Reference:   CVE-2005-0753
Date:  Apr 26 2005
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.11.20 (stable version); prior to 1.12.12 (feature version)
Description:   Several vulnerabilities were reported in Concurrent Versions System (CVS). A remote user may be able to execute arbitrary code or cause denial of service conditions.

A remote user may be able to trigger a buffer overflow and execute arbitrary code on the target system or cause the CVS service to crash [CVE: CVE-2005-0753]. Some memory allocation, memory leak, and NULL pointer errors also exist and may allow a remote user to cause denial of service conditions.

A remote authenticated user with commit privileges may be able to cause an improperly configured contributed Perl script to execute arbitrary code on the target system.

Alen Zukich reported the buffer overflow and Craig Monson reported the Perl script code execution vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system with the privileges of the CVS service.

A remote user may be able to cause the CVS service to crash.

Solution:   Red Hat has issued a fix.

Red Hat Desktop (v. 3)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.2-27.src.rpm 3a1c630c467955a5547daeee4384d860

IA-32:
cvs-1.11.2-27.i386.rpm 5b821d54dee3d13bab55d246be067be2

x86_64:
cvs-1.11.2-27.x86_64.rpm ac9fe80037c3857b51d3ad87f6556503

Red Hat Desktop (v. 4)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm 0a3eaa9dc601fd751d6e11e6aa2f57ad

IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm a3fb0cdf21e3f1f67acb9580a17b068c

x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm c4fb7c7ef27462e14213d750263ed73f

Red Hat Enterprise Linux AS (v. 2.1)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.1p1-18.src.rpm 6c33701447c66a6dfa27ad3af072a478

IA-32:
cvs-1.11.1p1-18.i386.rpm 6f4b84ce418a777eb6644f6ad4d76616

IA-64:
cvs-1.11.1p1-18.ia64.rpm ca0194a275975e9a576e5c643974941d

Red Hat Enterprise Linux AS (v. 3)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.2-27.src.rpm 3a1c630c467955a5547daeee4384d860

IA-32:
cvs-1.11.2-27.i386.rpm 5b821d54dee3d13bab55d246be067be2

IA-64:
cvs-1.11.2-27.ia64.rpm bb679e26359e12c711f31cb05446b798

PPC:
cvs-1.11.2-27.ppc.rpm 3bc90cad047c47fa5d53f54f694fd166

s390:
cvs-1.11.2-27.s390.rpm 5f223edfd769dcd3a3c0867304652c16

s390x:
cvs-1.11.2-27.s390x.rpm 66cf36f6e41c39b05304fbc188294df5

x86_64:
cvs-1.11.2-27.x86_64.rpm ac9fe80037c3857b51d3ad87f6556503

Red Hat Enterprise Linux AS (v. 4)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm 0a3eaa9dc601fd751d6e11e6aa2f57ad

IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm a3fb0cdf21e3f1f67acb9580a17b068c

IA-64:
cvs-1.11.17-7.RHEL4.ia64.rpm a556e359ecca71df7211becc5189a06f

PPC:
cvs-1.11.17-7.RHEL4.ppc.rpm 9cdf66a2735a32470680a55c36b4c464

s390:
cvs-1.11.17-7.RHEL4.s390.rpm 569a6322133afdcb7242c18ed17244b3

s390x:
cvs-1.11.17-7.RHEL4.s390x.rpm c15b1c06582ff0986208955eb8dcfad7

x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm c4fb7c7ef27462e14213d750263ed73f

Red Hat Enterprise Linux ES (v. 2.1)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.1p1-18.src.rpm 6c33701447c66a6dfa27ad3af072a478

IA-32:
cvs-1.11.1p1-18.i386.rpm 6f4b84ce418a777eb6644f6ad4d76616

Red Hat Enterprise Linux ES (v. 3)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.2-27.src.rpm 3a1c630c467955a5547daeee4384d860

IA-32:
cvs-1.11.2-27.i386.rpm 5b821d54dee3d13bab55d246be067be2

IA-64:
cvs-1.11.2-27.ia64.rpm bb679e26359e12c711f31cb05446b798

x86_64:
cvs-1.11.2-27.x86_64.rpm ac9fe80037c3857b51d3ad87f6556503

Red Hat Enterprise Linux ES (v. 4)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm 0a3eaa9dc601fd751d6e11e6aa2f57ad

IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm a3fb0cdf21e3f1f67acb9580a17b068c

IA-64:
cvs-1.11.17-7.RHEL4.ia64.rpm a556e359ecca71df7211becc5189a06f

x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm c4fb7c7ef27462e14213d750263ed73f

Red Hat Enterprise Linux WS (v. 2.1)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.1p1-18.src.rpm 6c33701447c66a6dfa27ad3af072a478

IA-32:
cvs-1.11.1p1-18.i386.rpm 6f4b84ce418a777eb6644f6ad4d76616

Red Hat Enterprise Linux WS (v. 3)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.2-27.src.rpm 3a1c630c467955a5547daeee4384d860

IA-32:
cvs-1.11.2-27.i386.rpm 5b821d54dee3d13bab55d246be067be2

IA-64:
cvs-1.11.2-27.ia64.rpm bb679e26359e12c711f31cb05446b798

x86_64:
cvs-1.11.2-27.x86_64.rpm ac9fe80037c3857b51d3ad87f6556503

Red Hat Enterprise Linux WS (v. 4)

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.17-7.RHEL4.src.rpm 0a3eaa9dc601fd751d6e11e6aa2f57ad

IA-32:
cvs-1.11.17-7.RHEL4.i386.rpm a3fb0cdf21e3f1f67acb9580a17b068c

IA-64:
cvs-1.11.17-7.RHEL4.ia64.rpm a556e359ecca71df7211becc5189a06f

x86_64:
cvs-1.11.17-7.RHEL4.x86_64.rpm c4fb7c7ef27462e14213d750263ed73f

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

--------------------------------------------------------------------------------

SRPMS:
cvs-1.11.1p1-18.src.rpm 6c33701447c66a6dfa27ad3af072a478

IA-64:
cvs-1.11.1p1-18.ia64.rpm ca0194a275975e9a576e5c643974941d

Vendor URL:  ccvs.cvshome.org/servlets/NewsItemView?newsItemID=141
Cause:   Boundary error, Input validation error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  2.1, 3, 4

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2005 CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service




Copyright 2021, SecurityGlobal.net LLC