
14 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2003-0967

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.01901 EPSS
Exploits 0, References 18
Tenable Nessus
added 2004/08/30 12:0 a.m., 29 views

GLSA-200405-12 : CVS heap overflow vulnerability

The remote host is affected by the vulnerability described in GLSA-200405-12 CVS heap overflow vulnerability Stefan Esser discovered a heap overflow in the CVS server, which can be triggered by sending malicious 'Entry' lines and manipulating the flags related to that Entry. This vulnerability wa...

7.5 CVSS, 6.3 AI score, 0.86593 EPSS
Exploits 1, References 3
Tenable Nessus
added 2004/07/23 12:0 a.m., 28 views

Fedora Core 1 : cvs-1.11.15-5 (2004-126)

Stefan Esser discovered a flaw in cvs where malformed 'Entry' lines could cause a heap overflow. An attacker who has access to a CVS server could use this flaw to execute arbitrary code under the UID which the CVS server is executing. The Common Vulnerabilities and Exposures project cve.mitre.org...

7.5 CVSS, 6.1 AI score, 0.86593 EPSS
Exploits 1, References 2
Debian
added 2004/06/10 10:0 a.m., 29 views

[SECURITY] [DSA 517-1] New CVS packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 517-1 [email protected] http://www.debian.org/security/ Martin Schulze June 10th, 2004 http://www.debian.org/security/faq -...

10 CVSS, 6 AI score, 0.05252 EPSS
Exploits 0
Gentoo Linux
added 2004/05/20 12:0 a.m., 43 views

CVS heap overflow vulnerability

Background CVS Concurrent Versions System is an open-source network-transparent version control system. It contains both a client utility and a server. Description Stefan Esser discovered a heap overflow in the CVS server, which can be triggered by sending malicious "Entry" lines and manipulating...

7.5 CVSS, 7.4 AI score, 0.86593 EPSS
Exploits 1
OSV
added 2004/05/19 12:0 a.m., 31 views

DSA-505 cvs - heap overflow

Bulletin has no description...

7.5 CVSS, 6 AI score, 0.86593 EPSS
Exploits 1
Tenable Nessus
added 2004/01/01 12:0 a.m., 32 views

CVS PServer CVSROOT Passwd File Arbitrary Code Execution

According to its version number, the remote CVS server has an arbitrary code execution vulnerability. Any user with the ability to write the CVSROOT/passwd file could execute arbitrary code as root. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11970; scriptversion...

6.4 AI score
Exploits 0, References 1
securityvulns
added 2003/12/15 12:0 a.m., 35 views

MDKSA-2003:112-1 - Updated cvs packages fix malformed module request vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: cvs Advisory ID: MDKSA-2003:112-1 Date: December 10th, 2003 Original Advisory Date: December 8th, 2003 Affected versions: 9.1, 9.2 Problem Description: A vulnerability was discovered in the CVS...

0.1 AI score
Exploits 0
Tenable Nessus
added 2003/03/14 12:0 a.m., 68 views

CVS pserver Brute Force Access

It was possible to find the public CVS repository of the remote host by searching a list of commonly used passwords and CVS repositories. A remote attacker could exploit this to access or modify sensitive information. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...

5.5 AI score
Exploits 0
Tenable Nessus
added 2003/03/14 12:0 a.m., 60 views

CVS Malformed Directory Request Double-free Privilege Escalation

According to its version number, the CVS server running on the remote host has a double free bug, which could allow a malicious user to elevate their privileges. C Tenable Network Security, Inc. include"compat.inc"; References: From: Stefan Esser Subject: Advisory 01/2003: CVS remote vulnerabilit...

7.5 CVSS, 5.3 AI score, 0.37007 EPSS
Exploits 1, References 2
Cvelist
added 2000/09/21 4:0 a.m., 13 views

CVE-2000-0680

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action...

6.7 AI score, 0.00363 EPSS
Exploits 1, References 2
Exploit DB
added 2000/06/28 12:0 a.m., 20 views

CVS Kit CVS Server 1.10.8 - 'Checkin.prog' Binary Execution

source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and it is sent back to the server and executed with committin...

7.4 AI score
Exploits 0
exploitpack
added 2000/06/28 12:0 a.m., 8 views

CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution

CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and...

Exploits 0
securityvulns
added 2000/04/25 12:0 a.m., 69 views

CVS DoS

Hi, I've just found annoying bug in cvs-1.10.7 probably others too. Let's assume you've decided to make your remote cvs repository available to several trusted people. Therefore you need to edit your /etc/inetd.conf file and add line similar to presented below: cvspserver stream tcp nowait root...

7.1 AI score
Exploits 0