Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2005:387
HistoryApr 26, 2005 - 1:42 p.m.

cvs security update

2005-04-2613:42:59
CentOS Project
lists.centos.org
49

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.848 High

EPSS

Percentile

98.5%

JSON

CentOS Errata and Security Advisory CESA-2005:387

CVS (Concurrent Version System) is a version control system.

A buffer overflow bug was found in the way the CVS client processes version
and author information. If a user can be tricked into connecting to a
malicious CVS server, an attacker could execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0753 to this issue.

Additionally, a bug was found in which CVS freed an invalid pointer.
However, this issue does not appear to be exploitable.

All users of cvs should upgrade to this updated package, which includes a
backported patch to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-April/073756.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073757.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073758.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073759.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073760.html
https://lists.centos.org/pipermail/centos-announce/2005-April/073761.html

Affected packages:
cvs

Upstream details at:
https://access.redhat.com/errata/RHSA-2005:387

Related

cve 1
nessus 11
openvas 8
osv 1
cvelist 1
redhat 1
ubuntu 1
ubuntucve 1
freebsd_advisory 1
altlinux 1
slackware 1
checkpoint_advisories 1
gentoo 1
centos 1
debian 2
debiancve 1
nvd 1
securityvulns 1
suse 1
cve
cve
CVE-2005-0753
2005-04-21 04:00:00
nessus
nessus
CentOS 3 / 4 : cvs (CESA-2005:387)
2006-07-03 00:00:00
GLSA-200504-16 : CVS: Multiple vulnerabilities
2005-04-19 00:00:00
Ubuntu 4.10 / 5.04 : cvs vulnerability (USN-117-1)
2006-01-15 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200504-16 (CVS)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200504-16 (CVS)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-742-1)
2008-01-17 00:00:00
osv
osv
cvs - buffer overflow
2005-07-07 00:00:00
cvelist
cvelist
CVE-2005-0753
2005-04-21 04:00:00
redhat
redhat
(RHSA-2005:387) cvs security update
2005-04-25 00:00:00
ubuntu
ubuntu
cvs vulnerability
2005-05-04 00:00:00
ubuntucve
ubuntucve
CVE-2005-0753
2005-04-18 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:05.cvs
2005-04-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.19-alt1
2005-04-06 00:00:00
slackware
slackware
CVS
2005-04-21 22:27:21
checkpoint_advisories
checkpoint_advisories
CVS Annotate Command Revision String Buffer Overflow (CVE-2005-0753)
2009-11-15 00:00:00
gentoo
gentoo
CVS: Multiple vulnerabilities
2005-04-18 00:00:00
centos
centos
cvs security update
2005-04-26 22:37:03
debian
debian
[SECURITY] [DSA 742-1] New cvs packages fix arbitrary code execution
2005-07-07 21:04:16
[SECURITY] [DSA 742-1] New cvs packages fix arbitrary code execution
2005-07-07 21:04:16
debiancve
debiancve
CVE-2005-0753
2005-04-21 04:00:00
nvd
nvd
CVE-2005-0753
2005-04-18 04:00:00
securityvulns
securityvulns
[Full-disclosure] SUSE Security Announcement: cvs (SUSE-SA:2005:024)
2005-04-18 00:00:00
suse
suse
remote code execution in cvs
2005-04-18 14:31:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.848 High

EPSS

Percentile

98.5%

JSON
Related for CESA-2005:387
cve1nessus11openvas8osv1cvelist1redhat1ubuntu1ubuntucve1freebsd_advisory1altlinux1slackware1checkpoint_advisories1gentoo1centos1debian2debiancve1nvd1securityvulns1suse1