Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.Install Now
Available for macOS, Windows, and Linux
FreeBSD Ports: cvs+ipv6
The remote host is missing an update to the system as announced in the referenced advisory.
The following package is affected: cvs+ipv6 CVE-2004-0414 CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed 'Entry' lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVE-2004-0416 Double-free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. CVE-2004-0417 Integer overflow in the 'Max-dotdot' CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. CVE-2004-0418 serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an 'out-of-bounds' write for a single byte to execute arbitrary code or modify critical program data. CVE-2004-0778 CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Update your system with the appropriate patches or software upgrades.
Common Vulnerabilities and Exposures (CVE)