16 matches found
CVS < 1.11.20 / 1.12.12 Multiple Unspecified Vulnerabilities
According to its version number, the remote CVS server has unspecified vulnerabilities, including a double free and a buffer overflow. A remote attacker could exploit these to crash the server, or possibly execute arbitrary code. (C) Tenable Network Security, Inc. ...
Debian DSA-486-1 : cvs - several vulnerabilities
Two vulnerabilities have been discovered and fixed in CVS: - CAN-2004-0180: Sebastian Krahmer discovered a vulnerability whereby a malicious CVS pserver could create arbitrary files on the client system during an update or checkout operation, by supplying absolute pathnames in RCS diffs. -...
GLSA-200404-13 : CVS Server and Client Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200404-13 (CVS Server and Client Vulnerabilities). There are two vulnerabilities in CVS; one in the server and one in the client. The server vulnerability allows a malicious client to request the contents of any RCS file to which the...
GLSA-200406-06 : CVS: additional DoS and arbitrary code execution vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200406-06 (CVS: additional DoS and arbitrary code execution vulnerabilities). A team audit of the CVS source code performed by Stefan Esser and Sebastian Krahmer resulted in the discovery of several remotely exploitable vulnerabiliti...
CVE-2004-0778
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned...
RHEL 2.1 / 3 : cvs (RHSA-2004:004)
Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a...
RHEL 2.1 / 3 : cvs (RHSA-2004:233)
An updated cvs package that fixes several server vulnerabilities, which could be exploited by a malicious client, is now available. CVS is a version control system frequently used to manage source code repositories. While investigating a previously fixed vulnerability, Derek Price discovered a fl...
[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
Debian Security Advisory DSA 519-1 [email protected] http://www.debian.org/security/ Martin Schulze June 15th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
Debian Security Advisory DSA 519-1 [email protected] http://www.debian.org/security/ Martin Schulze June 15th, 2004 http://www.debian.org/security/faq -...
DSA-519 cvs - several vulnerabilities
Bulletin has no description...
CVS: additional DoS and arbitrary code execution vulnerabilities
Background: CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description: A team audit of the CVS source code performed by Stefan Esser and Sebastian Krahmer resulted in the discovery of several remotely...
CVS < 1.11.17 / 1.12.9 Multiple Vulnerabilities
The remote CVS server, according to its version number, might allow an attacker to execute arbitrary commands on the remote system because of a flaw relating to malformed Entry lines that lead to a missing NULL terminator. Among the issues deemed likely to be exploitable were: - A double-free...
[Full-Disclosure] Advisory 09/2004: More CVS remote vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: More CVS remote vulnerabilities Release Date: 2004/06/09 Last Modified: 2004/06/09 Author: Stefan Esser [email protected] Application: CVS feature release = 1.12.8 CVS stable release...
[SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities
Debian Security Advisory DSA 486-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 16th, 2004 http://www.debian.org/security/faq -...
DSA-486 cvs - several vulnerabilities
Bulletin has no description...
CVS Server and Client Vulnerabilities
Background: CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...