Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0414
Last Modified: 21 Aug 2010 12:20:26
Published: 06 Aug 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4
  • OpenBSD
  • OpenBSD 3.4
  • OpenBSD 3.5

Application

  • CVS 1.10.7
  • CVS 1.10.8
  • CVS 1.11
  • CVS 1.11.1
  • CVS 1.11.1 P1
  • CVS 1.11.10
  • CVS 1.11.11
  • CVS 1.11.14
  • CVS 1.11.15
  • CVS 1.11.16
  • CVS 1.11.2
  • CVS 1.11.3
  • CVS 1.11.4
  • CVS 1.11.5
  • CVS 1.11.6
  • CVS 1.12.1
  • CVS 1.12.2
  • CVS 1.12.5
  • CVS 1.12.7
  • CVS 1.12.8
  • OpenPKG
  • OpenPKG 1.3
  • OpenPKG 2.0
  • SGI ProPack 2.4
  • SGI ProPack 3.0


References

DEBIAN - DSA-517

BUGTRAQ - 20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)

REDHAT - RHSA-2004:233

GENTOO - GLSA-200406-06

MISC - http://security.e-matters.de/advisories/092004.html

FULLDISC - 20040609 Advisory 09/2004: More CVS remote vulnerabilities

SGI - 20040605-01-U

SGI - 20040604-01-U

MANDRAKE - MDKSA-2004:058


Last Updated: 27 May 2016 10:38:36