SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CVS
Vendors:   GNU [multiple authors]
(OpenBSD Issues Fix) CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service
SecurityTracker Alert ID:  1014134
SecurityTracker URL:  http://securitytracker.com/id/1014134
CVE Reference:   CVE-2005-0753
Date:  Jun 8 2005
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.11.20 (stable version); prior to 1.12.12 (feature version)
Description:   Several vulnerabilities were reported in Concurrent Versions System (CVS). A remote user may be able to execute arbitrary code or cause denial of service conditions.

A remote user may be able to trigger a buffer overflow and execute arbitrary code on the target system or cause the CVS service to crash [CVE: CVE-2005-0753]. Some memory allocation, memory leak, and NULL pointer errors also exist and may allow a remote user to cause denial of service conditions.

A remote authenticated user with commit privileges may be able to cause an improperly configured contributed Perl script to execute arbitrary code on the target system.

Alen Zukich reported the buffer overflow and Craig Monson reported the Perl script code execution vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system with the privileges of the CVS service.

A remote user may be able to cause the CVS service to crash.

Solution:   OpenBSD has issued a fix:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/001_cvs.patch

Vendor URL:  ccvs.cvshome.org/servlets/NewsItemView?newsItemID=141
Cause:   Boundary error, Input validation error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.7

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2005 CVS Buffer Overflows and Memory Leaks May Let Remote Users Execute Arbitrary Code or Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC