Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SA:2004:015
HistoryJun 09, 2004 - 1:52 p.m.

remote command execution in cvs

2004-06-0913:52:11
lists.opensuse.org
15

0.933 High

EPSS

Percentile

99.1%

JSON

The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Various remotely exploitable conditions have been found during a source code review of CVS done by Stefan Esser and Sebastian Krahmer (SuSE Security-Team). These bugs allow remote attackers to execute arbitrary code as the user the CVS server runs as. Since there is no easy workaround we strongly recommend to update the cvs package. The update packages fix vulnerabilities which have been assigned the CAN numbers CAN-2004-0416, CAN-2004-0417 and CAN-2004-0418. The cvs packages shipped by SUSE (as well as our recent updates for CVS) are not vulnerable to CAN-2004-0414.

Related

nessus 53
openvas 46
gentoo 6
slackware 2
securityvulns 7
altlinux 5
suse 8
freebsd 4
debian 5
osv 3
redhat 3
freebsd_advisory 1
ubuntucve 9
debiancve 6
f5 2
nvd 10
cve 10
cvelist 9
httpd 6
checkpoint_advisories 3
cert 1
nessus
nessus
Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)
2005-07-13 00:00:00
Debian DSA-517-1 : cvs - buffer overflow
2004-09-29 00:00:00
Fedora Core 2 : cvs-1.11.17-2 (2004-170)
2004-07-23 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2004-133-01)
2012-09-10 00:00:00
CVS malformed entry lines flaw
2005-11-03 00:00:00
Slackware Advisory SSA:2004-133-01 apache
2012-09-11 00:00:00
gentoo
gentoo
CVS: additional DoS and arbitrary code execution vulnerabilities
2004-06-10 00:00:00
Apache 1.3: Multiple vulnerabilities
2004-05-26 00:00:00
neon heap-based buffer overflow
2004-05-20 00:00:00
slackware
slackware
cvs
2004-06-09 14:05:46
apache
2004-05-12 16:54:58
securityvulns
securityvulns
[Full-Disclosure] Advisory 09/2004: More CVS remote vulnerabilities
2004-06-09 00:00:00
SUSE Security Announcement: kernel (SuSE-SA:2004:017)
2004-06-18 00:00:00
SUSE Security Announcement: cvs (SuSE-SA:2004:008)
2004-04-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.15-alt4
2004-06-08 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.0.40-21
2003-02-24 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.0.40-21
2003-02-24 00:00:00
suse
suse
remote file creation in kdelibs/kdelibs3
2004-05-26 11:35:37
remote system compromise in subversion
2004-06-17 09:42:39
local denial-of-service attack in kernel
2004-06-16 14:13:55
freebsd
freebsd
cvs -- numerous vulnerabilities
2004-05-20 00:00:00
neon date parsing vulnerability
2004-05-19 00:00:00
Apache 1.3 IP address access control failure on some 64-bit platforms
2004-03-07 00:00:00
debian
debian
[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
2004-06-15 08:26:37
[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
2004-06-15 08:26:37
[SECURITY] [DSA 517-1] New CVS packages fix buffer overflow
2004-06-10 10:00:39
osv
osv
cvs - several vulnerabilities
2004-06-15 00:00:00
neon - buffer overflow
2004-05-19 00:00:00
cvs - buffer overflow
2004-06-10 00:00:00
redhat
redhat
(RHSA-2004:233) cvs security update
2004-06-09 00:00:00
(RHSA-2004:191) cadaver security update
2004-05-19 00:00:00
(RHSA-2004:157) cadaver security update
2004-04-14 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-04:14.cvs
2004-09-19 00:00:00
ubuntucve
ubuntucve
CVE-2004-0398
2004-07-07 00:00:00
CVE-2003-0987
2004-03-03 00:00:00
CVE-2003-0020
2003-03-18 00:00:00
debiancve
debiancve
CVE-2004-0398
2004-07-07 04:00:00
CVE-2004-0414
2004-08-06 04:00:00
CVE-2003-0020
2004-09-01 04:00:00
f5
f5
K5576 : Authentication vulnerability in Apache mod_digest - CAN-2003-0987
2013-03-28 00:00:00
SOL5576 - Authentication vulnerability in Apache mod_digest - CAN-2003-0987
2007-05-16 00:00:00
nvd
nvd
CVE-2003-0987
2004-03-03 05:00:00
CVE-2003-0993
2004-03-29 05:00:00
CVE-2004-0398
2004-07-07 04:00:00
cve
cve
CVE-2004-0398
2004-07-07 04:00:00
CVE-2003-0020
2004-09-01 04:00:00
CVE-2003-0987
2004-03-03 05:00:00
cvelist
cvelist
CVE-2003-0987
2004-02-03 05:00:00
CVE-2004-0398
2004-05-20 04:00:00
CVE-2003-0020
2004-09-01 04:00:00
httpd
httpd
Apache Httpd < 1.3.31 : mod_digest nonce checking
2003-12-18 00:00:00
Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms
2003-10-15 00:00:00
Apache Httpd < 1.3.31 : Error log escape filtering
2003-02-24 00:00:00
checkpoint_advisories
checkpoint_advisories
CVS Max-dotdot Protocol Command Integer Overflow - Ver2 (CVE-2004-0417)
2014-12-28 00:00:00
CVS Argumentx Command Double Free (CVE-2004-0416)
2009-10-15 00:00:00
CVS Max-dotdot Protocol Command Integer Overflow (CVE-2004-0417)
2009-11-15 00:00:00
cert
cert
Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections
2004-03-24 00:00:00

0.933 High

EPSS

Percentile

99.1%

JSON
Related for SUSE-SA:2004:015
nessus53openvas46gentoo6slackware2securityvulns7altlinux5suse8freebsd4debian5osv3redhat3freebsd_advisory1ubuntucve9debiancve6f52nvd10cve10cvelist9httpd6checkpoint_advisories3cert1