Signature Detail
Short Name |
APP:CVS:CVS-AUTHOR-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
CVS: Author Name Overflow |
Release Date |
2005/04/28 |
Update Number |
1213 |
Supported Platforms |
idp-4.1+, isg-3.5+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: CVS: Author Name Overflow
This signature detects attempts to exploit a known vulnerability against CVS versions prior to 1.11.20. A successful attack can lead to arbitrary malicious code execution within the context of the CVS server.
Extended Description
CVS is prone to unspecified buffer overflow, memory access vulnerabilities, and a NULL pointer dereference denial of service. It is conjectured that the issues may be leveraged by a remote authenticated user to disclose regions of the CVS process memory, and to corrupt CVS process memory. The two issues combined may lead to a remote attacker reliably executing arbitrary code in the context of the vulnerable process, although this is not confirmed. This BID will be updated as soon as further information is made available.
Affected Products
- Conectiva Linux 10.0.0
- Conectiva Linux 9.0.0
- CVS 1.11.10
- CVS 1.11.11
- CVS 1.11.14
- CVS 1.11.15
- CVS 1.11.16
- CVS 1.11.17
- CVS 1.11.19
- CVS 1.11.1 P1
- CVS 1.11.5
- CVS 1.11.6
- CVS 1.12.1
- CVS 1.12.10
- CVS 1.12.11
- CVS 1.12.2
- CVS 1.12.5
- CVS 1.12.7
- CVS 1.12.8
- CVS 1.12.9
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- FreeBSD 4.0.0
- FreeBSD 4.0.0 Alpha
- FreeBSD 4.0.0 -RELENG
- FreeBSD 4.0.0 .X
- FreeBSD 4.1.0
- FreeBSD 4.10.0
- FreeBSD 4.10.0 -RELEASE
- FreeBSD 4.10.0 -RELEASE-P8
- FreeBSD 4.10.0 -RELENG
- FreeBSD 4.10-PRERELEASE
- FreeBSD 4.1.1
- FreeBSD 4.11.0 -RELEASE-P3
- FreeBSD 4.11.0 -RELENG
- FreeBSD 4.11.0 -STABLE
- FreeBSD 4.1.1 -RELEASE
- FreeBSD 4.1.1 -STABLE
- FreeBSD 4.2.0
- FreeBSD 4.2.0 -RELEASE
- FreeBSD 4.2.0 -STABLE
- FreeBSD 4.2.0 -Stablepre050201
- FreeBSD 4.2.0 -Stablepre122300
- FreeBSD 4.3.0
- FreeBSD 4.3.0 -RELEASE
- FreeBSD 4.3.0 -RELEASE-P38
- FreeBSD 4.3.0 -RELENG
- FreeBSD 4.3.0 -STABLE
- FreeBSD 4.4.0
- FreeBSD 4.4.0 -RELEASE-P42
- FreeBSD 4.4.0 -RELENG
- FreeBSD 4.4.0 -STABLE
- FreeBSD 4.5.0
- FreeBSD 4.5.0 -RELEASE
- FreeBSD 4.5.0 -RELEASE-P32
- FreeBSD 4.5.0 -RELENG
- FreeBSD 4.5.0 -STABLE
- FreeBSD 4.5.0 -Stablepre2002-03-07
- FreeBSD 4.6.0
- FreeBSD 4.6.0 -RELEASE
- FreeBSD 4.6.0 -RELEASE-P20
- FreeBSD 4.6.0 -RELENG
- FreeBSD 4.6.0 -STABLE
- FreeBSD 4.6.2
- FreeBSD 4.7.0
- FreeBSD 4.7.0 -RELEASE
- FreeBSD 4.7.0 -RELEASE-P17
- FreeBSD 4.7.0 -RELENG
- FreeBSD 4.7.0 -STABLE
- FreeBSD 4.8.0
- FreeBSD 4.8.0 -PRERELEASE
- FreeBSD 4.8.0 -RELEASE-P7
- FreeBSD 4.8.0 -RELENG
- FreeBSD 4.9.0
- FreeBSD 4.9.0 -PRERELEASE
- FreeBSD 4.9.0 -RELENG
- FreeBSD 5.0.0
- FreeBSD 5.0.0 Alpha
- FreeBSD 5.0.0 -RELEASE-P14
- FreeBSD 5.0.0 -RELENG
- FreeBSD 5.1.0
- FreeBSD 5.1.0 -RELEASE
- FreeBSD 5.1.0 -RELEASE/Alpha
- FreeBSD 5.1.0 -RELEASE-P5
- FreeBSD 5.1.0 -RELENG
- FreeBSD 5.2.0
- FreeBSD 5.2.0 -RELEASE
- FreeBSD 5.2.0 -RELENG
- FreeBSD 5.2.1 -RELEASE
- FreeBSD 5.3.0
- FreeBSD 5.3.0 -RELEASE
- FreeBSD 5.3.0 -RELENG
- FreeBSD 5.3.0 -STABLE
- FreeBSD 5.4.0 -PRERELEASE
- FreeBSD 5.4.0 -RELEASE
- Gentoo Linux
- NetBSD 2.0.0
- NetBSD 2.0.1
- NetBSD 2.0.2
- OpenBSD 3.5
- OpenBSD 3.6
- OpenBSD 3.7
- Peachtree Linux Release 1
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora Core1
- Red Hat Fedora Core2
- Red Hat Linux 7.3.0
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 7.3.0 I686
- Red Hat Linux 9.0.0 I386
- SGI ProPack 3.0.0
- SuSE Linux Personal 8.2.0
- SuSE Linux Personal 9.0.0
- SuSE Linux Personal 9.1.0
- SuSE Linux Personal 9.1.0 X86 64
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Open-Enterprise-Server 9.0.0
- SuSE SUSE CORE 9 for x86
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SuSE Linux School Server for i386
- SuSE UnitedLinux 1.0.0
- Turbolinux Appliance Server Hosting Edition 1.0.0
- Turbolinux Appliance Server Workgroup Edition 1.0.0
- Turbolinux 10 F...
- Turbolinux Turbolinux Desktop 10.0.0
- Turbolinux Turbolinux Server 10.0.0
- Turbolinux Turbolinux Server 7.0.0
- Turbolinux Turbolinux Server 8.0.0
- Turbolinux Turbolinux Workstation 7.0.0
- Turbolinux Turbolinux Workstation 8.0.0
- Ubuntu Ubuntu Linux 4.1.0 Ia32
- Ubuntu Ubuntu Linux 4.1.0 Ia64
- Ubuntu Ubuntu Linux 4.1.0 Ppc
- Ubuntu Ubuntu Linux 5.0.0 4 Amd64
- Ubuntu Ubuntu Linux 5.0.0 4 I386
- Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
References