CVE-2004-0396 Information
Description
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15 and 1.12.x up to 1.12.7 when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
Reference
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
http://marc.info/?l=bugtraq&m=108498454829020&w=2
http://marc.info/?l=bugtraq&m=108500040719512&w=2
http://marc.info/?l=bugtraq&m=108636445031613&w=2
http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
http://secunia.com/advisories/11641
http://secunia.com/advisories/11647
http://secunia.com/advisories/11651
http://secunia.com/advisories/11652
http://secunia.com/advisories/11674
http://security.e-matters.de/advisories/072004.html
http://security.gentoo.org/glsa/glsa-200405-12.xml
http://www.ciac.org/ciac/bulletins/o-147.shtml
http://www.debian.org/security/2004/dsa-505
http://www.kb.cert.org/vuls/id/192038
http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
http://www.osvdb.org/6305
http://www.redhat.com/support/errata/RHSA-2004-190.html
http://www.securityfocus.com/bid/10384
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
http://www.us-cert.gov/cas/techalerts/TA04-147A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9058
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A970