Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.GENTOO_GLSA-200405-12.NASL
HistoryAug 30, 2004 - 12:00 a.m.

GLSA-200405-12 : CVS heap overflow vulnerability

2004-08-3000:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

The remote host is affected by the vulnerability described in GLSA-200405-12 (CVS heap overflow vulnerability)

Stefan Esser discovered a heap overflow in the CVS server, which can be     triggered by sending malicious 'Entry' lines and manipulating the flags     related to that Entry. This vulnerability was proven to be exploitable.

Impact :

A remote attacker can execute arbitrary code on the CVS server, with the     rights of the CVS server. By default, Gentoo uses the 'cvs' user to run the     CVS server. In particular, this flaw allows a complete compromise of CVS     source repositories. If you're not running a server, then you are not     vulnerable.

Workaround :

There is no known workaround at this time. All users are advised to upgrade     to the latest available version of CVS.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200405-12.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14498);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-0396");
  script_xref(name:"GLSA", value:"200405-12");

  script_name(english:"GLSA-200405-12 : CVS heap overflow vulnerability");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200405-12
(CVS heap overflow vulnerability)

    Stefan Esser discovered a heap overflow in the CVS server, which can be
    triggered by sending malicious 'Entry' lines and manipulating the flags
    related to that Entry. This vulnerability was proven to be exploitable.
  
Impact :

    A remote attacker can execute arbitrary code on the CVS server, with the
    rights of the CVS server. By default, Gentoo uses the 'cvs' user to run the
    CVS server. In particular, this flaw allows a complete compromise of CVS
    source repositories. If you're not running a server, then you are not
    vulnerable.
  
Workaround :

    There is no known workaround at this time. All users are advised to upgrade
    to the latest available version of CVS."
  );
  # http://security.e-matters.de/advisories/072004.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://archive.cert.uni-stuttgart.de/bugtraq/2004/05/msg00219.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200405-12"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All users running a CVS server should upgrade to the latest stable version:
    # emerge sync
    # emerge -pv '>=dev-util/cvs-1.11.16'
    # emerge '>=dev-util/cvs-1.11.16'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cvs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/05/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-util/cvs", unaffected:make_list("ge 1.11.16"), vulnerable:make_list("le 1.11.15"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dev-util/cvs");
}
VendorProductVersionCPE
gentoolinuxcvsp-cpe:/a:gentoo:linux:cvs
gentoolinuxcpe:/o:gentoo:linux

Related

securityvulns 1
nessus 9
osv 1
debian 2
canvas 1
openvas 10
ubuntucve 1
checkpoint_advisories 2
slackware 1
altlinux 1
cvelist 1
freebsd 1
redhat 1
cve 1
debiancve 1
freebsd_advisory 1
cert 1
gentoo 1
suse 1
securityvulns
securityvulns
Advisory 07/2004: CVS remote vulnerability
2004-05-19 00:00:00
nessus
nessus
Fedora Core 2 : cvs-1.11.15-6 (2004-131)
2004-07-23 00:00:00
RHEL 2.1 / 3 : cvs (RHSA-2004:190)
2004-07-06 00:00:00
CVS pserver Line Entry Handling Overflow
2004-05-19 00:00:00
osv
osv
cvs - heap overflow
2004-05-19 00:00:00
debian
debian
[SECURITY] [DSA 505-1] New cvs packages fix remote exploit
2004-05-19 08:58:27
[SECURITY] [DSA 505-1] New cvs packages fix remote exploit
2004-05-19 00:00:00
canvas
canvas
Immunity Canvas: PSERVERD
2004-06-14 04:00:00
openvas
openvas
Debian Security Advisory DSA 505-1 (cvs)
2008-01-17 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-04:10.cvs.asc)
2008-09-04 00:00:00
Slackware Advisory SSA:2004-140-01 cvs
2012-09-11 00:00:00
ubuntucve
ubuntucve
CVE-2004-0396
2004-06-14 00:00:00
checkpoint_advisories
checkpoint_advisories
CVS Entry Line Flag Remote Heap Overflow - Ver2 (CVE-2004-0396)
2014-12-28 00:00:00
CVS Entry Line Flag Remote Heap Overflow - Ver2 (CVE-2004-0396)
2014-12-28 00:00:00
slackware
slackware
cvs
2004-05-19 19:14:49
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.15-alt2
2004-05-10 00:00:00
cvelist
cvelist
CVE-2004-0396
2004-05-20 04:00:00
freebsd
freebsd
cvs pserver remote heap buffer overflow
2004-05-02 00:00:00
redhat
redhat
(RHSA-2004:190) cvs security update
2004-05-19 00:00:00
cve
cve
CVE-2004-0396
2004-06-14 04:00:00
debiancve
debiancve
CVE-2004-0396
2004-06-14 04:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-04:10.cvs
2004-05-19 00:00:00
cert
cert
CVS contains a heap overflow in the handling of flag insertion
2004-05-19 00:00:00
gentoo
gentoo
CVS heap overflow vulnerability
2004-05-20 00:00:00
suse
suse
remote command execution in cvs
2004-05-19 11:10:20
JSON
Related for GENTOO_GLSA-200405-12.NASL
securityvulns1nessus9osv1debian2canvas1openvas10ubuntucve1checkpoint_advisories2slackware1altlinux1cvelist1freebsd1redhat1cve1debiancve1freebsd_advisory1cert1gentoo1suse1