15670 : CVS Unspecified Remote Overflow
Printer | http://osvdb.org/15670 | Email This | Edit Vulnerability

Views This Week

4

Views All Time

11

Info

Last Modified

6 months ago

Percent Complete

100%

Disclosure

Apr 18, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

An unspecified remote overflow exists in CVS. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. No further details have been provided.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.11.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

CVS	CVS	1.11.15
		1.11
		1.11.1
		1.11.2
		1.11.3
		1.11.4
		1.11.5
		1.11.6
		1.11.7
		1.11.8
		1.11.9
		1.11.10
		1.11.11
		1.11.12
		1.11.13
		1.11.14
		1.11.16
		1.11.17
		1.11.18
		1.11.19

References

Bugtraq ID: 13217
Generic Informational URL: http://www.eweek.com/article2/0,1759,1788016,00.asp
Related OSVDB ID: 15671
Other Advisory URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000966
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:073
http://rhn.redhat.com/errata/RHSA-2005-387.html
http://security.gentoo.org/glsa/glsa-200504-16.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware- ......
http://ubuntulinux.org/support/documentation/usn/usn-117-1
http://www.debian.org/security/2005/dsa-742
http://www.debian.org/security/2005/dsa-773
http://www.novell.com/linux/security/advisories/2005_12_sr.html
http://www.novell.com/linux/security/advisories/2005_24_cvs.html
http://www.openbsd.org/errata.html#cvs
http://www.trustix.org/errata/2005/0013/
https://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.127&content-type=tex ......
ISS X-Force ID: 20148
Vendor Specific Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-006.txt.asc
Secunia Advisory ID: 14976 14994 15003 15042 15045 15056 15061 15090 15112 15177 15203 15243 15680 15992 16413 17389
CVE ID: 2005-0753 (see also: NVD)
Security Tracker: 1013759

Tools & Filters

Nessus	18082 18088 18097 18103 18130 18646 18804 19654 20505
Snort	3651 3652

Credit

Alen Zukich - alen.zukichklocwork.com -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

User Status

Account
- Login
- Sign-Up

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use