Lucene search
SuseSUSE-SA:2003:0007HistoryJan 22, 2003 - 4:52 p.m.
remote system compromise in cvs
2003-01-2216:52:12
lists.opensuse.org
14
0.296 Low
EPSS
Percentile
96.9%
CVS (Concurrent Versions System) is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a “double free” bug in CVS server code for handling directory requests. This free() call allows an attacker with CVS read access to compromise a CVS server. Additionally two features (‘Update-prog’ and ‘Checkin-prog’) were disabled to stop clients with write access to execute arbitrary code on the server. These features may be configurable at run-time in future releases of CVS server.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.1 | ppc | cvs | < 1.11-115 | cvs-1.11-115.ppc.rpm |
| openSUSE | 7.2 | i386 | cvs | < 1.11-231 | cvs-1.11-231.i386.rpm |
| openSUSE | 7.1 | alpha | cvs | < 1.11-106 | cvs-1.11-106.alpha.rpm |
| openSUSE | 7.1 | i386 | cvs | < 1.11-230 | cvs-1.11-230.i386.rpm |
| openSUSE | 7.3 | ppc | cvs | < 1.11-115 | cvs-1.11-115.ppc.rpm |
| openSUSE | 7.3 | i386 | cvs | < 1.11-230 | cvs-1.11-230.i386.rpm |
| openSUSE | 8.0 | i386 | cvs | < 1.11.1p1-235 | cvs-1.11.1p1-235.i386.rpm |
| openSUSE | 8.1 | i586 | cvs | < 1.11.1p1-235 | cvs-1.11.1p1-235.i586.rpm |
| openSUSE | 7.3 | sparc | cvs | < 1.11-103 | cvs-1.11-103.sparc.rpm |
Related
cve
cve
CVE-2003-0015
2004-09-01 04:00:00
nvd
nvd
CVE-2003-0015
2003-02-07 05:00:00
securityvulns
securityvulns
Advisory 01/2003: CVS remote vulnerability
2003-01-23 00:00:00
CERT Advisory CA-2003-02 Double-Free Bug in CVS Server
2003-01-23 00:00:00
slackware
slackware
New CVS packages available
2003-01-21 14:26:20
osv
osv
cvs - doubly freed memory
2003-01-21 00:00:00
nessus
nessus
SSA-18708 New CVS packages available
2005-07-13 00:00:00
Debian DSA-233-1 : cvs - doubly freed memory
2004-09-29 00:00:00
Mandrake Linux Security Advisory : cvs (MDKSA-2003:009)
2004-07-31 00:00:00
cert
cert
Concurrent Versions System (CVS) server improperly deallocates memory
2003-01-21 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_PSERVERD
2003-02-07 05:00:00
openvas
openvas
Debian Security Advisory DSA 233-1 (cvs)
2008-01-17 00:00:00
Debian Security Advisory DSA 233-1 (cvs)
2008-01-17 00:00:00
debiancve
debiancve
CVE-2003-0015
2004-09-01 04:00:00
debian
debian
[SECURITY] [DSA 233-1] New cvs packages fix arbitrary code execution
2003-01-21 14:05:10
[SECURITY] [DSA 233-1] New cvs packages fix arbitrary code execution
2003-01-21 14:05:10
redhat
redhat
(RHSA-2003:013) cvs security update
2003-02-06 00:00:00
ubuntucve
ubuntucve
CVE-2003-0015
2003-02-07 00:00:00
cvelist
cvelist
CVE-2003-0015
2004-09-01 04:00:00