EUVD-2004-0413

Malware in sbrugna...

SUSE CVE-2004-0396

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines...

SUSE CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service crash, modification of critical program data, or arbitrary code execution...

CVS malformed entry lines flaw

The remote CVS server, according to its version number, might allow an attacker to execute arbitrary commands on the remote system because of a flaw relating to malformed Entry lines which lead to a missing NULL terminator. Among the issues deemed likely to be exploitable were: - a double-free...

DEBIAN-CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service crash, modification of critical program data, or arbitrary code execution...

Fedora Core 1 : cvs-1.11.17-1 (2004-169)

While investigating a previously fixed vulnerability, Derek Price discovered a flaw relating to malformed 'Entry' lines which lead to a missing NULL terminator. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2004-0414 to this issue. Stefan Esser and...

RHEL 2.1 / 3 : cvs (RHSA-2004:190)

An updated cvs package that fixes a server vulnerability that could be exploited by a malicious client is now available. CVS is a version control system frequently used to manage source code repositories. Stefan Esser discovered a flaw in cvs where malformed 'Entry' lines could cause a heap...

DEBIAN-CVE-2004-0396

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines...

security flaw

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service crash, modification of critical program data, or arbitrary code execution...

security flaw

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines...