CVS Argumentx Arbitrary Command Execution

2004-06-09T08:00:04
ID OSVDB:6833
Type osvdb
Reporter Sebastian Krahmer(krahmer@suse.de), Stefan Esser(sesser@hardened-php.net)
Modified 2004-06-09T08:00:04

Description

Vulnerability Description

CVS (Concurrent Versions System) contains a flaw that may allow a malicious user to execute code remotely. The issue is triggered when an Argumentx command is issued. Argumentx is used to add more data to a previously stored argument, which is freed on client exit without checking whether the argument list is already empty. This flaw, known as a double-free, allows remote code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.11.17 or higher if using the stable version, or to feature version 1.12.9 or higher, as these have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200406-06.xml
Vendor Specific Solution URL: https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=110
Vendor Specific Solution URL: https://ccvs.cvshome.org/servlets/NewsItemView?newsItemID=111
Secunia Advisory ID: 11818, 11822, 11853, 11842, 11820, 11826, 12598, 17389, 11817, 11834, 11850, 11829
Related OSVDB ID: 6831, 6834, 6835, 6836, 6830, 6832
Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc
Other Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-004.txt.asc
Other Advisory URL: http://security.e-matters.de/advisories/092004.html
Nessus Plugin ID: 12265
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0119.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0215.html
ISS X-Force ID: 16364
Generic Informational URL: https://ccvs.cvshome.org/servlets/ProjectDocumentList
CVE-2004-0416
CIAC Advisory: o-156