Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.

According to the version of the cvs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - Array index error in the apply_rcs_change function in     rcs.c in CVS 1.11.23 allows local users to gain     privileges via an RCS file containing crafted delta     fragment changes that trigger a heap-based buffer     overflow.(CVE-2010-3846)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0918 advisory.

    [1.11.23-11.el6_0.1]
    - Fix CVE-2010-3846 (Resolves: #644813)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS (Revision Control System file) format. If an attacker in control of a CVS repository stored a specially crafted RCS file in that repository, and then tricked a remote victim into checking out (updating their CVS repository tree) a revision containing that file, it could lead to arbitrary code execution with the privileges of the CVS server process on the system hosting the CVS repository.
(CVE-2010-3846)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2010:0918 advisory.

    Concurrent Version System (CVS) is a version control system that can record     the history of your files.

    An array index error, leading to a heap-based buffer overflow, was found in     the way CVS applied certain delta fragment changes from input files in the     RCS (Revision Control System file) format. If an attacker in control of a     CVS repository stored a specially-crafted RCS file in that repository, and     then tricked a remote victim into checking out (updating their CVS     repository tree) a revision containing that file, it could lead to     arbitrary code execution with the privileges of the CVS server process     on the system hosting the CVS repository. (CVE-2010-3846)

    Red Hat would like to thank Ralph Loader for reporting this issue.

    All users of cvs are advised to upgrade to this updated package, which     contains a backported patch to correct this issue.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

- Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -     1.11.23-11

    - Fix CVE-2010-3846 (bug #645386)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -     1.11.23-9

    - Fix CVE-2010-3846 (bug #645386)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -     1.11.23-10

    - Fix CVE-2010-3846 (bug #645386)

    - Tue Jan 12 2010 Jiri Moskovcak <jmoskovc at       redhat.com> 1.11.23-9

    - spec file fixes based on review

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124958	EulerOS Virtualization 3.0.1.0 : cvs (EulerOS-SA-2019-1455)	Nessus	Huawei Local Security Checks	medium
68149	Oracle Linux 6 : cvs (ELSA-2010-0918)	Nessus	Oracle Linux Local Security Checks	high
60907	Scientific Linux Security Update : cvs on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
50840	RHEL 6 : cvs (RHSA-2010:0918)	Nessus	Red Hat Local Security Checks	high
50481	Fedora 14 : cvs-1.11.23-11.fc14 (2010-16721)	Nessus	Fedora Local Security Checks	medium
50440	Fedora 12 : cvs-1.11.23-9.fc12 (2010-16599)	Nessus	Fedora Local Security Checks	medium
50398	Fedora 13 : cvs-1.11.23-10.fc13 (2010-16600)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2010-3846

high

Tenable Plugins

medium

high

medium

high

medium

medium

medium