CVE-2004-0396

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

References

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
http://secunia.com/advisories/11641
http://secunia.com/advisories/11647
http://secunia.com/advisories/11651
http://secunia.com/advisories/11652
http://secunia.com/advisories/11674
http://security.e-matters.de/advisories/072004.html
http://security.gentoo.org/glsa/glsa-200405-12.xml
http://www.debian.org/security/2004/dsa-505
http://www.kb.cert.org/vuls/id/192038
http://www.mandriva.com/security/advisories?name=MDKSA-2004:048
http://www.redhat.com/support/errata/RHSA-2004-190.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html
http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html
http://marc.info/?l=bugtraq&m=108498454829020&w=2
http://marc.info/?l=bugtraq&m=108500040719512&w=2
http://marc.info/?l=bugtraq&m=108636445031613&w=2
http://marc.info/?l=openbsd-security-announce&m=108508894405639&w=2
http://www.ciac.org/ciac/bulletins/o-147.shtml
http://www.osvdb.org/6305
http://www.securityfocus.com/bid/10384
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865
http://www.us-cert.gov/cas/techalerts/TA04-147A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/16193
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A970

CVE-2004-0396

Affected packages