Signature Detail

Short Name	APP:CVS:ARGUMENTX-CMD
Severity	High
Recommended	No
Recommended Action	Drop
Category	APP
Keywords	CVS Argumentx Command Double Free
Release Date	2013/07/09
Update Number	2280
Supported Platforms	idp-4.1+, isg-3.5+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: CVS Argumentx Command Double Free

This signature detects attempts to exploit a known vulnerability against CVS Argumentx Command. A successful attack can lead to unauthorized information disclosure.

Extended Description

CVS is prone to multiple vulnerabilities. The issues include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patch for BID 10384, potentially leading to a server crash. Some of these issues may be leveraged to execute arbitrary code, while other issues may only result in a denial of service.

Affected Products

CVS 1.10.7
CVS 1.10.8
CVS 1.11.0
CVS 1.11.1
CVS 1.11.10
CVS 1.11.11
CVS 1.11.14
CVS 1.11.15
CVS 1.11.16
CVS 1.11.1 P1
CVS 1.11.2
CVS 1.11.3
CVS 1.11.4
CVS 1.11.5
CVS 1.11.6
CVS 1.12.1
CVS 1.12.2
CVS 1.12.5
CVS 1.12.7
CVS 1.12.8
FreeBSD 1.1.5 .1
FreeBSD 2.0.0
FreeBSD 2.0.5
FreeBSD 2.1.0
FreeBSD 2.1.0 X
FreeBSD 2.1.5
FreeBSD 2.1.6
FreeBSD 2.1.6 .1
FreeBSD 2.1.7 .1
FreeBSD 2.2.0
FreeBSD 2.2.0 X
FreeBSD 2.2.2
FreeBSD 2.2.3
FreeBSD 2.2.4
FreeBSD 2.2.5
FreeBSD 2.2.6
FreeBSD 2.2.8
FreeBSD 2.X
FreeBSD 3.0.0
FreeBSD 3.0.0 -RELENG
FreeBSD 3.1.0
FreeBSD 3.1.0 X
FreeBSD 3.2.0
FreeBSD 3.2.0 X
FreeBSD 3.3.0
FreeBSD 3.3.0 X
FreeBSD 3.4.0
FreeBSD 3.4.0 X
FreeBSD 3.5.0
FreeBSD 3.5.0 -STABLE
FreeBSD 3.5.0 -Stablepre050201
FreeBSD 3.5.0 -Stablepre122300
FreeBSD 3.5.0 X
FreeBSD 3.5.1
FreeBSD 3.5.1 -RELEASE
FreeBSD 3.5.1 -STABLE
FreeBSD 3.5.1 -Stablepre2001-07-20
FreeBSD 3.X
FreeBSD 4.0.0
FreeBSD 4.0.0 Alpha
FreeBSD 4.0.0 -RELENG
FreeBSD 4.0.0 .X
FreeBSD 4.1.0
FreeBSD 4.10.0
FreeBSD 4.10.0 -RELEASE
FreeBSD 4.10.0 -RELENG
FreeBSD 4.10-PRERELEASE
FreeBSD 4.1.1
FreeBSD 4.1.1 -RELEASE
FreeBSD 4.1.1 -STABLE
FreeBSD 4.2.0
FreeBSD 4.2.0 -RELEASE
FreeBSD 4.2.0 -STABLE
FreeBSD 4.2.0 -Stablepre050201
FreeBSD 4.2.0 -Stablepre122300
FreeBSD 4.3.0
FreeBSD 4.3.0 -RELEASE
FreeBSD 4.3.0 -RELEASE-P38
FreeBSD 4.3.0 -RELENG
FreeBSD 4.3.0 -STABLE
FreeBSD 4.4.0
FreeBSD 4.4.0 -RELEASE-P42
FreeBSD 4.4.0 -RELENG
FreeBSD 4.4.0 -STABLE
FreeBSD 4.5.0
FreeBSD 4.5.0 -RELEASE
FreeBSD 4.5.0 -RELEASE-P32
FreeBSD 4.5.0 -RELENG
FreeBSD 4.5.0 -STABLE
FreeBSD 4.5.0 -Stablepre2002-03-07
FreeBSD 4.6.0
FreeBSD 4.6.0 -RELEASE
FreeBSD 4.6.0 -RELEASE-P20
FreeBSD 4.6.0 -RELENG
FreeBSD 4.6.0 -STABLE
FreeBSD 4.6.2
FreeBSD 4.7.0
FreeBSD 4.7.0 -RELEASE
FreeBSD 4.7.0 -RELEASE-P17
FreeBSD 4.7.0 -RELENG
FreeBSD 4.7.0 -STABLE
FreeBSD 4.8.0
FreeBSD 4.8.0 -PRERELEASE
FreeBSD 4.8.0 -RELEASE-P7
FreeBSD 4.8.0 -RELENG
FreeBSD 4.9.0
FreeBSD 4.9.0 -PRERELEASE
FreeBSD 4.9.0 -RELENG
FreeBSD 5.0.0
FreeBSD 5.0.0 Alpha
FreeBSD 5.0.0 -RELEASE-P14
FreeBSD 5.0.0 -RELENG
FreeBSD 5.1.0
FreeBSD 5.1.0 -RELEASE
FreeBSD 5.1.0 -RELEASE/Alpha
FreeBSD 5.1.0 -RELEASE-P5
FreeBSD 5.1.0 -RELENG
FreeBSD 5.2.0
FreeBSD 5.2.0 -RELEASE
FreeBSD 5.2.0 -RELENG
FreeBSD 5.2.1 -RELEASE
Gentoo Linux 1.4.0
OpenBSD 3.4
OpenBSD 3.5
OpenBSD -Current
OpenPKG 1.3.0
OpenPKG 2.0.0
OpenPKG Current
SGI ProPack 2.4.0
SGI ProPack 3.0.0

References

BugTraq: 10499
CVE: CVE-2004-0416

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: CVS Argumentx Command Double Free

Extended Description

Affected Products

References