Category: Application (Generic) > CVS
Vendors: GNU [multiple authors]
(Mandrake Issues Fix) CVS Entry Line Heap Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1010222
SecurityTracker URL: http://securitytracker.com/id/1010222
CVE Reference: CAN-2004-0396
Date: May 19 2004
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.11.15 and prior versions (stable); 1.12.7 and prior versions (feature)
Description:   A heap overflow vulnerability was reported in Concurrent Versions System (CVS) in the processing of entry lines. A remote user can execute arbitrary code on the target system.

Stefan Esser of e-matters GmbH reported that the overflow occurs when an entry line is processed to determine if the modified and unchanged flags apply. A remote user can reportedly cause the flawed function to be called several times, inserting certain characters into the entry line and overwriting memory.

The vendor was reportedly notified on May 2, 2004.

The original advisory is available at:

http://security.e-matters.de/advisories/072004.html

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the CVS server.
Solution:   Mandrake has released a fix.

Vendor URL: www.cvshome.org/
Cause:   Boundary error
Underlying OS:   Linux (Mandriva/Mandrake)

Message History:   This archive entry is a follow-up to the message listed below.
May 19 2004 CVS Entry Line Heap Overflow Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Date:  19 May 2004 18:18:23 -0000
Subject:  MDKSA-2004:048 - Updated cvs packages fix remotely exploitable vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cvs
 Advisory ID:            MDKSA-2004:048
 Date:                   May 19th, 2004

 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Stefan Esser discovered that malformed "Entry" lines in combination
 with Is-modified and Unchanged can be used to overflow malloc()ed
 memory in a way that can be remotely exploited.
 
 The updated packages contain a patch to correct the problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 168c0c9c029edf3827123cd9d0a65da9  10.0/RPMS/cvs-1.11.14-0.2.100mdk.i586.rpm
 857ac341672900c63aa5515bb2e9cedc  10.0/SRPMS/cvs-1.11.14-0.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 4696e3ceb8416eae29c0d9b578c6e5ad  amd64/10.0/RPMS/cvs-1.11.14-0.2.100mdk.amd64.rpm
 857ac341672900c63aa5515bb2e9cedc  amd64/10.0/SRPMS/cvs-1.11.14-0.2.100mdk.src.rpm

 Corporate Server 2.1:
 8c8414e20ffbd851f7900a89c47f7ce8  corporate/2.1/RPMS/cvs-1.11.14-0.2.C21mdk.i586.rpm
 748e43d4e8da7210594ac38e12440ef5  corporate/2.1/SRPMS/cvs-1.11.14-0.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 3149f707b46257fe451336348e2d25de  x86_64/corporate/2.1/RPMS/cvs-1.11.14-0.2.C21mdk.x86_64.rpm
 748e43d4e8da7210594ac38e12440ef5  x86_64/corporate/2.1/SRPMS/cvs-1.11.14-0.2.C21mdk.src.rpm

 Mandrakelinux 9.1:
 b95849ed65da4cbf41625321519caa4c  9.1/RPMS/cvs-1.11.14-0.2.91mdk.i586.rpm
 9c4a8ff396602baa633ac2902a987210  9.1/SRPMS/cvs-1.11.14-0.2.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 881f57e86790f119ff8378bb4cbe9040  ppc/9.1/RPMS/cvs-1.11.14-0.2.91mdk.ppc.rpm
 9c4a8ff396602baa633ac2902a987210  ppc/9.1/SRPMS/cvs-1.11.14-0.2.91mdk.src.rpm

 Mandrakelinux 9.2:
 a0611b79ddfdf089a8f468c7bdc32171  9.2/RPMS/cvs-1.11.14-0.2.92mdk.i586.rpm
 38a5a75e6a27b3854513a75fae36eaf2  9.2/SRPMS/cvs-1.11.14-0.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 283e7a5379a12bd879ef5432458fe9bb  amd64/9.2/RPMS/cvs-1.11.14-0.2.92mdk.amd64.rpm
 38a5a75e6a27b3854513a75fae36eaf2  amd64/9.2/SRPMS/cvs-1.11.14-0.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAq6TvmqjQ0CJFipgRAlfxAJ4/mwfH4l3tKdCMrst1pdlZxAudKgCgvspT
EsAFpcYaUhQcaG1vhF9sRE4=
=cKXD
-----END PGP SIGNATURE-----
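
An added example (not part of the Mandrake advisory or the SecurityTracker entry): for packages fetched by hand from a mirror instead of through MandrakeUpdate or urpmi, this Python code parses the advisory's "Updated Packages" lines and compares each downloaded .rpm against the MD5 digest listed for its file name. The function names and the sample files in the demo are constructed for illustration; the listed digests are only as trustworthy as the advisory's verified PGP signature, and the packages' own GPG signatures still need to be checked.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# An "Updated Packages" entry: 32 hex digits, whitespace, mirror-relative path.
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_advisory(text):
    """Map package file name -> set of MD5 digests listed for it."""
    listed = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            digest, path = m.groups()
            # The same SRPM is listed under several architecture paths.
            listed.setdefault(path.rsplit("/", 1)[-1], set()).add(digest)
    return listed

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Return {file name: "ok" | "MISMATCH" | "not listed"} per .rpm found."""
    listed = parse_advisory(advisory_text)
    report = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        if rpm.name not in listed:
            report[rpm.name] = "not listed"   # never install on name alone
        elif md5_of(rpm) in listed[rpm.name]:
            report[rpm.name] = "ok"
        else:
            report[rpm.name] = "MISMATCH"     # corrupted or substituted file
    return report

if __name__ == "__main__":
    # Constructed stand-ins: small files and a two-line advisory excerpt.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good.rpm").write_bytes(b"constructed payload")
        Path(d, "bad.rpm").write_bytes(b"altered payload")
        digest = hashlib.md5(b"constructed payload").hexdigest()
        advisory = f" {digest}  10.0/RPMS/good.rpm\n {digest}  10.0/RPMS/bad.rpm\n"
        print(check_downloads(advisory, d))
```

Pass the text between the PGP headers (after verifying the signature) as `advisory_text` and the download directory as `directory`; any result other than "ok" means the file should not be installed.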

 
 

