Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2003-0015
Last Modified: 10 Sep 2008 08:05:22
Published: 07 Feb 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0015

Summary

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Vulnerable Systems

Operating System

  • FreeBSD 4.4
  • FreeBSD 4.5
  • FreeBSD 4.6
  • FreeBSD 4.7
  • FreeBSD 5.0

Application

  • CVS 1.10.7
  • CVS 1.10.8
  • CVS 1.11
  • CVS 1.11.1
  • CVS 1.11.1p1
  • CVS 1.11.2
  • CVS 1.11.3
  • CVS 1.11.4


References

CERT-VN - VU#650937

CERT - CA-2003-02

MISC - http://security.e-matters.de/advisories/012003.html

REDHAT - RHSA-2003:013

XF - cvs-doublefree-memory-corruption(11108)

BID - 6650

REDHAT - RHSA-2003:012

MANDRAKE - MDKSA-2003:009

DEBIAN - DSA-233

CIAC - N-032

FREEBSD - FreeBSD-SA-03:01

BUGTRAQ - 20030202 Exploit for CVS double free() for Linux pserver

BUGTRAQ - 20030124 Test program for CVS double-free.

BUGTRAQ - 20030122 [security@slackware.com: [slackware-security] New CVS packages available]

CONFIRM - http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14

VULNWATCH - 20030120 Advisory 01/2003: CVS remote vulnerability


Last Updated: 27 May 2016 10:37:45