Mandrake Linux Security Advisory : cvs (MDKSA-2004:058)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Another vulnerability was discovered related to 'Entry' lines in cvs,
by the development team (CVE-2004-0414).

As well, Stefan Esser and Sebastian Krahmer performed an audit on the
cvs source code and discovered a number of other problems, including :

A double-free condition in the server code is exploitable
(CVE-2004-0416).

By sending a large number of arguments to the CVS server, it is
possible to cause it to allocate a huge amount of memory which does
not fit into the address space, causing an error (CVE-2004-0417).

It was found that the serve_notify() function would write data out of
bounds (CVE-2004-0418).

The provided packages update cvs to 1.11.16 and include patches to
correct all of these problems.

Solution :

Update the affected cvs package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14157 (mandrake_MDKSA-2004-058.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0414
CVE-2004-0416
CVE-2004-0417
CVE-2004-0418

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now