Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0396

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0396
Last Modified 21 Aug 2010 12:20:23
Published 14 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0396

Summary

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

Vulnerable Systems

Application

  • Cvs 1.11

  • Cvs 1.12


References

CERT-VN - VU#192038

CERT - TA04-147A

REDHAT - RHSA-2004:190

DEBIAN - DSA-505

BUGTRAQ - 20040519 Advisory 07/2004: CVS remote vulnerability

GENTOO - GLSA-200405-12

MISC - http://security.e-matters.de/advisories/072004.html

SUSE - SuSE-SA:2004:013

NETBSD - NetBSD-SA2004-008

FREEBSD - FreeBSD-SA-04:10

XF - cvs-entry-line-bo(16193)

SLACKWARE - SSA:2004-140-01

BID - 10384

OSVDB - 6305

MANDRAKE - MDKSA-2004:048

CIAC - O-147

SECUNIA - 11674

SECUNIA - 11652

SECUNIA - 11651

SECUNIA - 11647

SECUNIA - 11641

OPENBSD - 20040520 cvs server buffer overflow vulnerability

FEDORA - FEDORA-2004-1620

BUGTRAQ - 20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)


Last Updated: 27 May 2016 10:38:35