Vulnerability Details : CVE-2004-0396
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
Vulnerability category: OverflowExecute code
Products affected by CVE-2004-0396
- cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:cvs:cvs:1.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0396
96.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0396
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2004-0396
-
http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
'cvs server buffer overflow vulnerability' - MARC
-
http://www.kb.cert.org/vuls/id/192038
VU#192038 - CVS contains a heap overflow in the handling of flag insertionPatch;Third Party Advisory;US Government Resource
-
http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
Mandriva
-
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
The Slackware Linux Project: Slackware Security Advisories
-
http://www.debian.org/security/2004/dsa-505
Debian -- The Universal Operating SystemPatch;Vendor Advisory
-
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
-
http://www.ciac.org/ciac/bulletins/o-147.shtml
-
http://security.gentoo.org/glsa/glsa-200405-12.xml
CVS heap overflow vulnerability (GLSA 200405-12) — Gentoo security
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970
404 Not Found
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2004-190.html
SupportPatch;Vendor Advisory
-
http://security.e-matters.de/advisories/072004.html
-
http://marc.info/?l=bugtraq&m=108500040719512&w=2
'[OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)' - MARC
-
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
-
http://www.securityfocus.com/bid/10384
-
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
[Full-Disclosure] Mailing List Charter
-
http://marc.info/?l=bugtraq&m=108636445031613&w=2
'[FLSA-2004:1620] Updated cvs resolves security vulnerabilities' - MARC
-
http://www.us-cert.gov/cas/techalerts/TA04-147A.html
Page Not Found | CISAUS Government Resource
-
http://marc.info/?l=bugtraq&m=108498454829020&w=2
'Advisory 07/2004: CVS remote vulnerability' - MARC
-
http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
404 – Seite nicht gefunden | Stabsstelle Informationssicherheit (RUS-CERT) | Universität Stuttgart
Jump to