From 4a6e26a6c599770baf090b2ab92f177a3aeaa0b9 Mon Sep 17 00:00:00 2001 From: des Date: Wed, 19 May 2004 12:55:35 +0000 Subject: Add an entry for the cvs pserver heap overflow. --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b2413ef8610d..64223a342486 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -30,6 +30,40 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + cvs pserver remote heap buffer overflow + + + FreeBSD + 5.25.2_7 + 5.15.1_17 + 5.05.0_21 + 4.94.9_8 + 4.84.8_21 + 4.04.7_27 + + + + +

Due to a programming error in code used to parse data + received from the client, malformed data can cause a heap + buffer to overflow, allowing the client to overwrite + arbitrary portions of the server's memory.

+

A malicious CVS client can exploit this to run arbitrary + code on the server at the privilege level of the CVS server + software.

+ +
+ + CAN-2004-0396 + SA-04:10.cvs + + + 2004-05-02 + 2004-05-19 + +
+ URI handler vulnerabilities in several browsers -- cgit