Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1471

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2004-1471
Last Modified 05 Sep 2008 04:41:29
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2004-1471

Summary

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

Vulnerable Systems

Operating System

  • Freebsd 1.1.5.1

  • Freebsd 2.0

  • Freebsd 2.0.5

  • Freebsd 2.1.0

  • Freebsd 2.1.5

  • Freebsd 2.1.6

  • Freebsd 2.1.6.1

  • Freebsd 2.1.7.1

  • Freebsd 2.2

  • Freebsd 2.2.2

  • Freebsd 2.2.3

  • Freebsd 2.2.4

  • Freebsd 2.2.5

  • Freebsd 2.2.6

  • Freebsd 2.2.8

  • Freebsd 3.0

  • Freebsd 3.1

  • Freebsd 3.2

  • Freebsd 3.3

  • Freebsd 3.4

  • Freebsd 3.5

  • Freebsd 3.5.1

  • Freebsd 4.0

  • Freebsd 4.1

  • Freebsd 4.1.1

  • Freebsd 4.10

  • Freebsd 4.2

  • Freebsd 4.3

  • Freebsd 4.4

  • Freebsd 4.5

  • Freebsd 4.6

  • Freebsd 4.6.2

  • Freebsd 4.7

  • Freebsd 4.8

  • Freebsd 4.9

  • Freebsd 5.0

  • Freebsd 5.1

  • Freebsd 5.2

  • Freebsd 5.2.1

  • Gentoo Linux 1.4

  • Openbsd 3.4

  • Openbsd 3.5

  • Openbsd Current

Application

  • Cvs 1.10.7

  • Cvs 1.10.8

  • Cvs 1.11

  • Cvs 1.11.1

  • Cvs 1.11.1 P1

  • Cvs 1.11.10

  • Cvs 1.11.11

  • Cvs 1.11.14

  • Cvs 1.11.15

  • Cvs 1.11.16

  • Cvs 1.11.2

  • Cvs 1.11.3

  • Cvs 1.11.4

  • Cvs 1.11.5

  • Cvs 1.11.6

  • Cvs 1.12.1

  • Cvs 1.12.2

  • Cvs 1.12.5

  • Cvs 1.12.7

  • Cvs 1.12.8

  • Openpkg 1.3

  • Openpkg 2.0

  • Openpkg Current

  • Sgi Propack 2.4

  • Sgi Propack 3.0


References

BID - 10499

XF - cvs-wrapper-format-string(16365)

FULLDISC - 20040609 Advisory 09/2004: More CVS remote vulnerabilities

FREEBSD - FreeBSD-SA-04:14


Last Updated: 27 May 2016 10:39:02