Lucene search
SuseSUSE-SA:2004:013HistoryMay 19, 2004 - 11:10 a.m.
remote command execution in cvs
2004-05-1911:10:20
lists.opensuse.org
20
0.97 High
EPSS
Percentile
99.7%
The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Stefan Esser reported buffer overflow conditions within the cvs program. They allow remote attackers to execute arbitrary code as the user the cvs server runs as. Since there is no easy workaround we strongly recommend to update the cvs package.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.1 | i586 | cvs | < 1.11.14-24.3 | cvs-1.11.14-24.3.i586.rpm |
| openSUSE | 9.0 | x86_64 | cvs | < 1.11.6-81 | cvs-1.11.6-81.x86_64.rpm |
| openSUSE | 8.2 | i586 | cvs | < 1.11.5-112 | cvs-1.11.5-112.i586.rpm |
| openSUSE | 9.1 | x86_64 | cvs | < 1.11.14-24.3 | cvs-1.11.14-24.3.x86_64.rpm |
| openSUSE | 8.0 | i386 | cvs | < 1.11.1p1-329 | cvs-1.11.1p1-329.i386.rpm |
| openSUSE | 9.0 | i586 | cvs | < 1.11.6-81 | cvs-1.11.6-81.i586.rpm |
| openSUSE | 8.1 | i586 | cvs | < 1.11.1p1-329 | cvs-1.11.1p1-329.i586.rpm |
Related
nessus
nessus
GLSA-200405-13 : neon heap-based buffer overflow
2004-08-30 00:00:00
GLSA-200405-15 : cadaver heap-based buffer overflow
2004-08-30 00:00:00
Debian DSA-507-1 : cadaver - buffer overflow
2004-09-29 00:00:00
securityvulns
securityvulns
Advisory 06/2004: libneon date parsing vulnerability
2004-05-19 00:00:00
Advisory 07/2004: CVS remote vulnerability
2004-05-19 00:00:00
[Full-Disclosure] Advisory 08/2004: Subversion remote vulnerability
2004-05-19 00:00:00
openvas
openvas
FreeBSD Ports: neon
2008-09-04 00:00:00
Debian Security Advisory DSA 506-1 (neon)
2008-01-17 00:00:00
Debian Security Advisory DSA 507-1 (cadaver)
2008-01-17 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
freebsd
freebsd
neon date parsing vulnerability
2004-05-19 00:00:00
subversion date parsing vulnerability
2004-05-19 00:00:00
cvs pserver remote heap buffer overflow
2004-05-02 00:00:00
cve
cve
gentoo
gentoo
neon heap-based buffer overflow
2004-05-20 00:00:00
cadaver heap-based buffer overflow
2004-05-20 00:00:00
Buffer overflow in Subversion
2004-05-20 00:00:00
osv
osv
neon - buffer overflow
2004-05-19 00:00:00
cvs - heap overflow
2004-05-19 00:00:00
redhat
redhat
(RHSA-2004:191) cadaver security update
2004-05-19 00:00:00
(RHSA-2004:190) cvs security update
2004-05-19 00:00:00
debian
debian
[SECURITY] [DSA 506-1] New neon packages fix buffer overflow
2004-05-19 09:21:53
[SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
2004-05-19 11:36:47
[SECURITY] [DSA 505-1] New cvs packages fix remote exploit
2004-05-19 08:58:27
checkpoint_advisories
checkpoint_advisories
CVS Entry Line Flag Remote Heap Overflow - Ver2 (CVE-2004-0396)
2014-12-28 00:00:00
CVS Entry Line Flag Remote Heap Overflow - Ver2 (CVE-2004-0396)
2014-12-28 00:00:00
slackware
slackware
cvs
2004-05-19 19:14:49
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.15-alt2
2004-05-10 00:00:00
canvas
canvas
Immunity Canvas: SVNDATE
2004-07-07 04:00:00
Immunity Canvas: PSERVERD
2004-06-14 04:00:00
packetstorm
packetstorm
Subversion Date Overflow
2009-10-28 00:00:00
cert
cert
freebsd_advisory
freebsd_advisory
FreeBSD-SA-04:10.cvs
2004-05-19 00:00:00
suse
suse
remote system compromise in subversion
2004-06-17 09:42:39
remote system compromise in squid
2004-06-09 14:47:16
local denial-of-service attack in kernel
2004-06-16 14:13:55