FreeBSD Ports: cvs+ipv6
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Insight
The following package is affected: cvs+ipv6
- CVE-2004-0414: CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed 'Entry' lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
- CVE-2004-0416: Double-free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
- CVE-2004-0417: Integer overflow in the 'Max-dotdot' CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
- CVE-2004-0418: serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an 'out-of-bounds' write for a single byte to execute arbitrary code or modify critical program data.
- CVE-2004-0778: CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Solution
Update your system with the appropriate patches or software upgrades.
Common Vulnerabilities and Exposures (CVE)
References
- http://secunia.com/advisories/11817
- http://secunia.com/advisories/12309
- http://security.e-matters.de/advisories/092004.html
- http://www.idefense.com/application/poi/display?id=130&type=vulnerabil
- https://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.104
- http://www.vuxml.org/freebsd/d2102505-f03d-11d8-81b0-000347a4fa7d.html