(Slackware Issues Fix) CVS Entry Line Heap Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1010239 |
|
SecurityTracker URL: http://securitytracker.com/id/1010239
|
|
CVE Reference:
CAN-2004-0396
(Links to External Site)
|
Date: May 20 2004
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.11.15 and prior versions (stable); 1.12.7 and prior versions (feature)
|
Description:
A heap overflow vulnerability was reported in Concurrent Versions System (CVS) in the processing of entry lines. A remote user can execute arbitrary code on the target system.
Stefan Esser of e-matters GmbH reported that the overflow occurs when an entry line is processed to determine if the modified and unchanged flags apply. A remote user can reportedly cause the flawed function to be called several times, inserting certain characters into the entry line and overwriting memory.
The vendor was reportedly notified on May 2, 2004.
The original advisory is available at:
http://security.e-matters.de/advisories/072004.html
|
Impact:
A remote user can execute arbitrary code on the target system with the privileges of the CVS server.
|
Solution:
Slackware has released a fix.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.16-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cvs-1.11.16-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cvs-1.11.16-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.16-i486-1.tgz
The MD5 signatures are:
Slackware 8.1 package:
331f90ce4d283fb21fb83b5367931a46 cvs-1.11.16-i386-1.tgz
Slackware 9.0 package:
26d5ccf024151d8738abd0c62e78a6ac cvs-1.11.16-i386-1.tgz
Slackware 9.1 package:
a65697b36eae4b10c7418eea2c3f0c0e cvs-1.11.16-i486-1.tgz
Slackware -current package:
dc3175ea975873d4e18fcc250e5dba2b cvs-1.11.16-i486-1.tgz
|
Vendor URL: www.cvshome.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Slackware)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 19 May 2004 19:14:49 -0700 (PDT)
Subject: [slackware-security] cvs (SSA:2004-140-01)
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] cvs (SSA:2004-140-01)
New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to
fix a buffer overflow vulnerability which could allow an attacker to run
arbitrary programs on the CVS server. Sites running a CVS server should
upgrade to the new CVS package right away.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed May 19 14:16:32 PDT 2004
patches/packages/cvs-1.11.16-i486-1.tgz: Upgraded to cvs-1.11.16. From
the NEWS file:
A potential buffer overflow vulnerability in the server has been fixed.
Prior to this patch, a malicious client could potentially use carefully
crafted server requests to run arbitrary programs on the CVS server
machine.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.16-i386-1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/cvs-1.11.16-i386-1.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/cvs-1.11.16-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/cvs-1.11.16-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
331f90ce4d283fb21fb83b5367931a46 cvs-1.11.16-i386-1.tgz
Slackware 9.0 package:
26d5ccf024151d8738abd0c62e78a6ac cvs-1.11.16-i386-1.tgz
Slackware 9.1 package:
a65697b36eae4b10c7418eea2c3f0c0e cvs-1.11.16-i486-1.tgz
Slackware -current package:
dc3175ea975873d4e18fcc250e5dba2b cvs-1.11.16-i486-1.tgz
Installation instructions:
+------------------------+
First, shut down the cvs server if you are running one.
Then, upgrade the package:
# upgradepkg cvs-1.11.16-i486-1.tgz
Finally, restart the CVS server.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAq8+6akRjwEAQIjMRAuu4AJ9pLdtWsZ+pN8Tye4e62INYEuuj3wCeJU2e
syeNDnxboXP9YtFQ8iS3uvU=
=bb/l
-----END PGP SIGNATURE-----
|
|
