Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200504-16
HistoryApr 18, 2005 - 12:00 a.m.

CVS: Multiple vulnerabilities

2005-04-1800:00:00
Gentoo Foundation
security.gentoo.org
10

0.848 High

EPSS

Percentile

98.5%

JSON

Background

CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server.

Description

Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks and a NULL pointer dereferencing error. Furthermore when launching trigger scripts CVS includes a user controlled directory.

Impact

An attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the permissions of the CVS pserver or the authenticated user (depending on the connection method used).

Workaround

There is no known workaround at this time.

Resolution

All CVS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.20"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-util/cvs< 1.11.20UNKNOWN

Related

debian 2
nessus 11
osv 1
openvas 8
cve 1
cvelist 1
altlinux 1
ubuntucve 1
freebsd_advisory 1
centos 2
redhat 1
ubuntu 1
debiancve 1
checkpoint_advisories 1
slackware 1
securityvulns 1
suse 1
debian
debian
[SECURITY] [DSA 742-1] New cvs packages fix arbitrary code execution
2005-07-07 00:00:00
[SECURITY] [DSA 742-1] New cvs packages fix arbitrary code execution
2005-07-07 21:04:16
nessus
nessus
GLSA-200504-16 : CVS: Multiple vulnerabilities
2005-04-19 00:00:00
CentOS 3 / 4 : cvs (CESA-2005:387)
2006-07-03 00:00:00
SUSE-SA:2005:024: cvs
2005-04-18 00:00:00
osv
osv
cvs - buffer overflow
2005-07-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200504-16 (CVS)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200504-16 (CVS)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-742-1)
2008-01-17 00:00:00
cve
cve
CVE-2005-0753
2005-04-18 04:00:00
cvelist
cvelist
CVE-2005-0753
2005-04-21 04:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.19-alt1
2005-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2005-0753
2005-04-18 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:05.cvs
2005-04-22 00:00:00
centos
centos
cvs security update
2005-04-26 13:42:59
cvs security update
2005-04-26 22:37:03
redhat
redhat
(RHSA-2005:387) cvs security update
2005-04-25 00:00:00
ubuntu
ubuntu
cvs vulnerability
2005-05-04 00:00:00
debiancve
debiancve
CVE-2005-0753
2005-04-18 04:00:00
checkpoint_advisories
checkpoint_advisories
CVS Annotate Command Revision String Buffer Overflow (CVE-2005-0753)
2009-11-15 00:00:00
slackware
slackware
CVS
2005-04-21 22:27:21
securityvulns
securityvulns
[Full-disclosure] SUSE Security Announcement: cvs &#40;SUSE-SA:2005:024&#41;
2005-04-18 00:00:00
suse
suse
remote code execution in cvs
2005-04-18 14:31:00

0.848 High

EPSS

Percentile

98.5%

JSON
Related for GLSA-200504-16
debian2nessus11osv1openvas8cve1cvelist1altlinux1ubuntucve1freebsd_advisory1centos2redhat1ubuntu1debiancve1checkpoint_advisories1slackware1securityvulns1suse1