This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:CVS:CVS-AUTHOR-OF
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
CVS Author Name Overflow
|
Release Date |
2005/04/28
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: CVS Author Name Overflow
This signature detects attempts to exploit a known vulnerability against CVS versions prior to 1.11.20. A successful attack can lead to arbitrary malicious code execution within the context of the CVS server.
Extended Description
CVS is prone to unspecified buffer overflow, memory access vulnerabilities, and a NULL pointer dereference denial of service.
It is conjectured that the issues may be leveraged by a remote authenticated user to disclose regions of the CVS process memory, and to corrupt CVS process memory. The two issues combined may lead to a remote attacker reliably executing arbitrary code in the context of the vulnerable process, although this is not confirmed.
This BID will be updated as soon as further information is made available.
Affected Products
- Conectiva linux 10.0.0
- Conectiva linux 9.0.0
- Cvs cvs 1.11.10
- Cvs cvs 1.11.11
- Cvs cvs 1.11.14
- Cvs cvs 1.11.15
- Cvs cvs 1.11.16
- Cvs cvs 1.11.17
- Cvs cvs 1.11.19
- Cvs cvs 1.11.1 P1
- Cvs cvs 1.11.5
- Cvs cvs 1.11.6
- Cvs cvs 1.12.1
- Cvs cvs 1.12.10
- Cvs cvs 1.12.11
- Cvs cvs 1.12.2
- Cvs cvs 1.12.5
- Cvs cvs 1.12.7
- Cvs cvs 1.12.8
- Cvs cvs 1.12.9
- Debian linux 3.1.0
- Debian linux 3.1.0 Alpha
- Debian linux 3.1.0 Amd64
- Debian linux 3.1.0 Arm
- Debian linux 3.1.0 Hppa
- Debian linux 3.1.0 Ia-32
- Debian linux 3.1.0 Ia-64
- Debian linux 3.1.0 M68k
- Debian linux 3.1.0 Mips
- Debian linux 3.1.0 Mipsel
- Debian linux 3.1.0 Ppc
- Debian linux 3.1.0 S/390
- Debian linux 3.1.0 Sparc
- Freebsd freebsd 4.0.0
- Freebsd freebsd 4.0.0 Alpha
- Freebsd freebsd 4.0.0 -RELENG
- Freebsd freebsd 4.0.0 .X
- Freebsd freebsd 4.1.0
- Freebsd freebsd 4.10.0
- Freebsd freebsd 4.10.0 -RELEASE
- Freebsd freebsd 4.10.0 -RELEASE-P8
- Freebsd freebsd 4.10.0 -RELENG
- Freebsd freebsd 4.10-PRERELEASE
- Freebsd freebsd 4.1.1
- Freebsd freebsd 4.11.0 -RELEASE-P3
- Freebsd freebsd 4.11.0 -RELENG
- Freebsd freebsd 4.11.0 -STABLE
- Freebsd freebsd 4.1.1 -RELEASE
- Freebsd freebsd 4.1.1 -STABLE
- Freebsd freebsd 4.2.0
- Freebsd freebsd 4.2.0 -RELEASE
- Freebsd freebsd 4.2.0 -STABLE
- Freebsd freebsd 4.2.0 -Stablepre050201
- Freebsd freebsd 4.2.0 -Stablepre122300
- Freebsd freebsd 4.3.0
- Freebsd freebsd 4.3.0 -RELEASE
- Freebsd freebsd 4.3.0 -RELEASE-P38
- Freebsd freebsd 4.3.0 -RELENG
- Freebsd freebsd 4.3.0 -STABLE
- Freebsd freebsd 4.4.0
- Freebsd freebsd 4.4.0 -RELEASE-P42
- Freebsd freebsd 4.4.0 -RELENG
- Freebsd freebsd 4.4.0 -STABLE
- Freebsd freebsd 4.5.0
- Freebsd freebsd 4.5.0 -RELEASE
- Freebsd freebsd 4.5.0 -RELEASE-P32
- Freebsd freebsd 4.5.0 -RELENG
- Freebsd freebsd 4.5.0 -STABLE
- Freebsd freebsd 4.5.0 -Stablepre2002-03-07
- Freebsd freebsd 4.6.0
- Freebsd freebsd 4.6.0 -RELEASE
- Freebsd freebsd 4.6.0 -RELEASE-P20
- Freebsd freebsd 4.6.0 -RELENG
- Freebsd freebsd 4.6.0 -STABLE
- Freebsd freebsd 4.6.2
- Freebsd freebsd 4.7.0
- Freebsd freebsd 4.7.0 -RELEASE
- Freebsd freebsd 4.7.0 -RELEASE-P17
- Freebsd freebsd 4.7.0 -RELENG
- Freebsd freebsd 4.7.0 -STABLE
- Freebsd freebsd 4.8.0
- Freebsd freebsd 4.8.0 -PRERELEASE
- Freebsd freebsd 4.8.0 -RELEASE-P7
- Freebsd freebsd 4.8.0 -RELENG
- Freebsd freebsd 4.9.0
- Freebsd freebsd 4.9.0 -PRERELEASE
- Freebsd freebsd 4.9.0 -RELENG
- Freebsd freebsd 5.0.0
- Freebsd freebsd 5.0.0 Alpha
- Freebsd freebsd 5.0.0 -RELEASE-P14
- Freebsd freebsd 5.0.0 -RELENG
- Freebsd freebsd 5.1.0
- Freebsd freebsd 5.1.0 -RELEASE
- Freebsd freebsd 5.1.0 -RELEASE/Alpha
- Freebsd freebsd 5.1.0 -RELEASE-P5
- Freebsd freebsd 5.1.0 -RELENG
- Freebsd freebsd 5.2.0
- Freebsd freebsd 5.2.0 -RELEASE
- Freebsd freebsd 5.2.0 -RELENG
- Freebsd freebsd 5.2.1 -RELEASE
- Freebsd freebsd 5.3.0
- Freebsd freebsd 5.3.0 -RELEASE
- Freebsd freebsd 5.3.0 -RELENG
- Freebsd freebsd 5.3.0 -STABLE
- Freebsd freebsd 5.4.0 -PRERELEASE
- Freebsd freebsd 5.4.0 -RELEASE
- Gentoo linux
- Netbsd netbsd 2.0.0
- Netbsd netbsd 2.0.1
- Netbsd netbsd 2.0.2
- Openbsd openbsd 3.5
- Openbsd openbsd 3.6
- Openbsd openbsd 3.7
- Peachtree linux Release 1
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_as 2.1
- Red_hat enterprise_linux_as 2.1 IA64
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 2.1
- Red_hat enterprise_linux_es 2.1 IA64
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 2.1
- Red_hat enterprise_linux_ws 2.1 IA64
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core1
- Red_hat fedora Core2
- Red_hat linux 7.3.0
- Red_hat linux 7.3.0 I386
- Red_hat linux 7.3.0 I686
- Red_hat linux 9.0.0 I386
- Sgi propack 3.0.0
- Suse linux_personal 8.2.0
- Suse linux_personal 9.0.0
- Suse linux_personal 9.1.0
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse linux_personal 9.3.0
- Suse open-enterprise-server 9.0.0
- Suse suse_core_9_for_x86
- Suse suse_linux_enterprise_server 8
- Suse suse_linux_enterprise_server 9
- Suse suse_linux_school_server_for_i386
- Suse unitedlinux 1.0.0
- Turbolinux appliance_server_hosting_edition 1.0.0
- Turbolinux appliance_server_workgroup_edition 1.0.0
- Turbolinux turbolinux 10 F...
- Turbolinux turbolinux_desktop 10.0.0
- Turbolinux turbolinux_server 10.0.0
- Turbolinux turbolinux_server 7.0.0
- Turbolinux turbolinux_server 8.0.0
- Turbolinux turbolinux_workstation 7.0.0
- Turbolinux turbolinux_workstation 8.0.0
- Ubuntu ubuntu_linux 4.1.0 Ia32
- Ubuntu ubuntu_linux 4.1.0 Ia64
- Ubuntu ubuntu_linux 4.1.0 Ppc
- Ubuntu ubuntu_linux 5.0.0 4 Amd64
- Ubuntu ubuntu_linux 5.0.0 4 I386
- Ubuntu ubuntu_linux 5.0.0 4 Powerpc
References