Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2004-0417
Last Modified: 21 Aug 2010 12:20:26
Published: 06 Aug 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0417

Summary

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4
  • OpenBSD
  • OpenBSD 3.4
  • OpenBSD 3.5

Application

  • CVS 1.10.7
  • CVS 1.10.8
  • CVS 1.11
  • CVS 1.11.1
  • CVS 1.11.1 P1
  • CVS 1.11.10
  • CVS 1.11.11
  • CVS 1.11.14
  • CVS 1.11.15
  • CVS 1.11.16
  • CVS 1.11.2
  • CVS 1.11.3
  • CVS 1.11.4
  • CVS 1.11.5
  • CVS 1.11.6
  • CVS 1.12.1
  • CVS 1.12.2
  • CVS 1.12.5
  • CVS 1.12.7
  • CVS 1.12.8
  • OpenPKG
  • OpenPKG 1.3
  • OpenPKG 2.0
  • SGI ProPack 2.4
  • SGI ProPack 3.0


References

DEBIAN - DSA-519

BUGTRAQ - 20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)

REDHAT - RHSA-2004:233

GENTOO - GLSA-200406-06

MISC - http://security.e-matters.de/advisories/092004.html

FULLDISC - 20040609 Advisory 09/2004: More CVS remote vulnerabilities

SGI - 20040605-01-U

MANDRAKE - MDKSA-2004:058


Last Updated: 27 May 2016 10:38:36