Signature Detail

APP: CVS Directory Heap Overflow

This signature detects attempts to exploit a known vulnerability against the double free () function in Concurrent Versions System protocol. Attackers sending an over long directory name can cause a heap double free on some CVS systems.

Extended Description

CVS is prone to a double free vulnerability in the Directory requests. An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code.

Affected Products

• Cvs cvs 1.10.7
• Cvs cvs 1.10.8
• Cvs cvs 1.11.0
• Cvs cvs 1.11.1
• Cvs cvs 1.11.1 P1
• Cvs cvs 1.11.2
• Cvs cvs 1.11.3
• Cvs cvs 1.11.4
• Freebsd freebsd 4.4.0
• Freebsd freebsd 4.5.0
• Freebsd freebsd 4.6.0
• Freebsd freebsd 4.7.0
• Freebsd freebsd 5.0.0
• Sun cobalt_cacheraq_3
• Sun cobalt_cacheraq_4
• Sun cobalt_qube_2
• Sun cobalt_qube_3
• Sun cobalt_raq_2
• Sun cobalt_raq_3
• Sun cobalt_raq_4
• Sun cobalt_raq_550
• Sun cobalt_raq_xtr
• Sun linux 5.0.3

References

• BugTraq: 6650
• CVE: CVE-2003-0015
• URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
• URL: http://www.debian.org/security/2003/dsa-233
• URL: http://www.cert.org/advisories/CA-2003-02.html